Malicious activity detected from 116.102.39.187 (VN, ASNone). 65038 events observed across Diameter, MySQL, SMB, TCP, TCP/SYN. AI verdict: MEDIUM.
Posts tagged: SMB_EXPLOIT_PROBE
8 posts
IP address 34.53.160.242 conducted a sustained 25-day campaign targeting RSYNC, SMB, and HTTP services with 192 attack events, demonstrating reconnaissance and exploitation capabilities. This represents a MEDIUM threat level with known attack patterns including SMB1 exploitation attempts and RSYNC a…
A Windows Server 2012 R2 system in Nagpur, India conducted SMBv1 protocol negotiation attempts against network infrastructure on April 19, 2026 between 07:00-09:00 UTC. This reconnaissance activity poses HIGH risk as it targets legacy SMB services vulnerable to critical remote code execution exploit…
IP address 35.216.140.3 conducted a sustained 41-day reconnaissance campaign targeting web applications and network services, attempting to access sensitive configuration files and probing RDP/SMB services. The activity represents a MEDIUM threat level with moderate sophistication, likely representi…
A Russian-based threat actor (176.115.192.229) conducted an intensive SMBv1 exploitation campaign generating over 64,000 attack events between April 5-9, 2026. This represents a HIGH severity threat targeting legacy SMB implementations with known exploitation techniques. Organizations should immedia…
IP address 223.184.169.119 conducted sustained SMB exploitation probes targeting port 445 over approximately 1.5 hours on March 26, 2026, generating 2,049 security events with 448 confirmed SMB exploit probe attempts. This activity represents a SUSPICIOUS threat level indicating potential reconnais…
Source IP 106.214.8.216 conducted intensive SMB exploitation probes targeting port 445 over a 1-hour window on March 26, 2026, generating 3,009 security events with 867 confirmed SMB exploit attempts. This activity represents a HIGH severity threat consistent with automated vulnerability scanning o…
Threat actor at IP 183.89.229.229 conducted intensive SMB reconnaissance against network infrastructure on March 26, 2026, generating 4,368 events over approximately one hour targeting SMB services. Assessment indicates MEDIUM threat level focused on vulnerability discovery and potential exploitati…