103.136.44.194

Summary (Bottom Line Up Front)

External actor at 103.136.44.194 conducted SMBv1 protocol negotiation attempts against non-standard port 9001 over a 9-minute window on 2026-02-28. Activity assessed as MEDIUM threat level with 46 discrete events indicating systematic reconnaissance behavior targeting legacy SMB implementations.

Activity Timeline
INITIAL REPORT 2026-03-14T16:25:57Z
Source: Analyst Manual Entry
Technical details
The actor initiated SMBv1 protocol negotiations containing deprecated dialect strings, including "Windows for Workgroups 3.1a" and "NT LM 0.12". Traffic analysis identified 6 distinct SMB enumeration attempts classified under MITRE ATT&CK technique T1135 (Network Share Discovery). The actor targeted a single destination port (9001) exclusively, with traffic observed as SMB, TCP, and TCP/SYN. No CVE-specific exploit payloads were observed in the captured traffic. The source address belongs to AS138783 (THREEJ Global Services Private Limited) in India, with no reverse DNS resolution or VPN indicators.
IOCs
IP:103.136.44.194
ASN:138783
COUNTRY:IN