Summary (Bottom Line Up Front)
External IP address 45.33.12.214 conducted sustained multi-protocol reconnaissance activity over 42 days (March 3-April 14, 2026), targeting SMB, RDP, HTTP, and TLS services across 4 unique ports with 55 total events observed. Assessment indicates low-to-moderate threat level focused on network enumeration and service discovery. Network defenders should implement enhanced monitoring for the identified IOC and review exposure of commonly targeted services.
Activity Timeline
INITIAL REPORT 2026-04-14T08:24:51Z
Source: Analyst Manual Entry
External IP address 45.33.12.214 conducted sustained multi-protocol reconnaissance activity over 42 days (March 3-April 14, 2026), targeting SMB, RDP, HTTP, and TLS services across 4 unique ports with 55 total events observed. Assessment indicates low-to-moderate threat level focused on network enumeration and service discovery. Network defenders should implement enhanced monitoring for the identified IOC and review exposure of commonly targeted services.
Technical details
Attack Vector: Multi-protocol network scanning campaign spanning HTTP, RDP, raw TCP, TLS 1.0, and SMB. Primary focus on SMB reconnaissance (7 events), with additional masscan and other automated scanning activity detected.
MITRE Mapping: T1046 (Network Service Scanning), Reconnaissance phase.
Volume: 55 total events across the 42-day period, indicating persistent but low-volume scanning (roughly one to two events per day on average).
Payload Analysis: SMB connection attempts carried minimal payloads (sample: 666f7820, four bytes that decode to ASCII "fox "), consistent with service enumeration or banner probing rather than exploitation attempts; no exploit or authentication traffic was observed.
IOCs: 45.33.12.214 (source IP); SMB port 445 primary target; connection attempts to non-standard port 2200 also observed.
IOCs
IP: 45.33.12.214
Recommendations
- Block IP address 45.33.12.214 at network perimeter and monitor for additional scanning from related infrastructure
- Review and restrict external exposure of SMB (port 445), RDP, and other services identified in scanning attempts
- Implement enhanced logging and alerting for multi-protocol scanning patterns targeting multiple services within short timeframes
- Identify what is listening on non-standard ports, particularly port 2200, confirm whether it needs to be reachable from the internet, and close or restrict anything that does not, to reduce attack surface
- Deploy network segmentation controls to limit lateral movement potential if reconnaissance leads to successful compromise
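The alerting recommended above, as an added example that is not part of the original report: a small sliding-window detector that flags any source touching several distinct destination ports within a short window, run over constructed sample connection logs. The log format (timestamp, source IP, destination port, protocol, payload hex), the contrasting source 203.0.113.7, the five-minute window and the three-port threshold are all assumptions chosen for illustration; only the reported source IP and the SMB payload sample 666f7820 come from the report. It also decodes that payload sample to show why a four-byte probe is assessed as enumeration rather than exploitation.

```python
"""Multi-port scanning detector over connection logs (added example, not the report's tooling)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "timestamp src_ip dst_port proto payload_hex" ("-" = no payload).
# The 45.33.12.214 lines mimic the reported pattern; 203.0.113.7 is a benign contrast.
SAMPLE_LOG = """\
2026-03-03T02:14:07Z 45.33.12.214 445 SMB 666f7820
2026-03-03T02:14:09Z 45.33.12.214 3389 RDP -
2026-03-03T02:14:12Z 45.33.12.214 80 HTTP 474554202f20485454502f312e30
2026-03-03T02:14:15Z 45.33.12.214 2200 TCP -
2026-03-05T11:40:01Z 45.33.12.214 445 SMB 666f7820
2026-03-05T11:40:03Z 45.33.12.214 443 TLS 1603010000
2026-03-10T09:00:00Z 203.0.113.7 443 TLS 1603010000
2026-03-10T09:30:00Z 203.0.113.7 80 HTTP 474554202f20485454502f312e30
"""


def parse_line(line):
    """Parse one log line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, port, proto, payload = parts
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "port": int(port),
        "proto": proto,
        "payload": bytes.fromhex(payload) if payload != "-" else b"",
    }


def detect_multi_port_scans(log_text, window=timedelta(minutes=5), min_ports=3):
    """Return {src_ip: alert} for every source that hits at least `min_ports`
    distinct destination ports within any span of length `window`.

    The alert records the start of the window with the most distinct ports,
    plus the ports and protocols seen in it. Thresholds are illustrative.
    """
    events_by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events_by_src[ev["src"]].append(ev)

    alerts = {}
    for src, events in events_by_src.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        left = 0
        for right, ev in enumerate(events):
            # Advance the left edge until the window fits.
            while ev["ts"] - events[left]["ts"] > window:
                left += 1
            span = events[left:right + 1]
            ports = {e["port"] for e in span}
            if len(ports) >= min_ports and (best is None or len(ports) > len(best["ports"])):
                best = {
                    "window_start": events[left]["ts"],
                    "ports": sorted(ports),
                    "protocols": sorted({e["proto"] for e in span}),
                }
        if best:
            alerts[src] = best
    return alerts


def summarize_payload(payload_hex, probe_max_len=16):
    """Decode a hex payload sample and classify it by size.

    A handful of bytes with no protocol structure is a liveness/banner probe;
    anything longer deserves a closer look. The 16-byte cutoff is an assumption.
    """
    data = bytes.fromhex(payload_hex)
    return {
        "length": len(data),
        "ascii": data.decode("ascii", errors="replace"),
        "classification": "probe" if len(data) < probe_max_len else "inspect further",
    }


if __name__ == "__main__":
    for src, alert in detect_multi_port_scans(SAMPLE_LOG).items():
        print(f"ALERT {src}: {len(alert['ports'])} ports {alert['ports']} "
              f"via {alert['protocols']} starting {alert['window_start']:%Y-%m-%dT%H:%M:%SZ}")
    print("SMB sample:", summarize_payload("666f7820"))
```

Tuning note: the window and port threshold trade false positives against latency. A source that probes one port per hour never trips a five-minute window, which is exactly the low-and-slow profile reported here, so pair this rule with a long-horizon count of distinct ports per source (days, not minutes) if the goal is to catch the 42-day campaign rather than the burst.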