Loading threats
Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 34.14.103.46 | 100% | 1,352 | 467 | 🇧🇪 BE | AS396982 | 2026-02-27 |
| 45.84.107.128 | 98% | 1,033 | 239 | 🇸🇪 SE | AS214503 | 2026-04-21 |
| 45.84.107.174 | 99% | 1,026 | 273 | 🇸🇪 SE | AS214503 | 2026-04-21 |
| 118.193.40.131 | 99% | 940 | 737 | 🇭🇰 HK | AS135377 | 2026-04-18 |
| 152.32.133.191 | 100% | 917 | 682 | 🇭🇰 HK | AS135377 | 2026-04-20 |
| 101.36.108.184 | 100% | 914 | 676 | 🇭🇰 HK | AS135377 | 2026-04-21 |
| 101.36.109.144 | 99% | 906 | 585 | 🇭🇰 HK | AS135377 | 2026-04-20 |
| 45.142.154.93 | 99% | 850 | 638 | 🇭🇰 HK | AS9465 | 2026-04-20 |
| 118.193.39.149 | 99% | 847 | 564 | 🇭🇰 HK | AS135377 | 2026-04-19 |
| 101.36.108.178 | 99% | 819 | 592 | 🇭🇰 HK | AS135377 | 2026-04-20 |
| 152.32.135.151 | 98% | 799 | 612 | 🇭🇰 HK | AS135377 | 2026-04-21 |
| 101.36.111.38 | 99% | 793 | 606 | 🇭🇰 HK | AS135377 | 2026-04-21 |
| 45.142.154.39 | 99% | 792 | 586 | 🇭🇰 HK | AS9465 | 2026-04-20 |
| 45.142.154.107 | 99% | 791 | 663 | 🇭🇰 HK | AS9465 | 2026-04-21 |
| 45.142.154.43 | 99% | 779 | 592 | 🇭🇰 HK | AS9465 | 2026-04-21 |
| 45.142.154.92 | 98% | 777 | 480 | 🇭🇰 HK | AS9465 | 2026-04-19 |
| 118.193.39.146 | 98% | 774 | 560 | 🇭🇰 HK | AS135377 | 2026-04-20 |
| 152.32.131.10 | 99% | 772 | 619 | 🇭🇰 HK | AS135377 | 2026-04-20 |
| 45.142.154.32 | 98% | 770 | 496 | 🇭🇰 HK | AS9465 | 2026-04-21 |
| 101.36.111.179 | 99% | 768 | 584 | 🇭🇰 HK | AS135377 | 2026-04-21 |