45.84.107.33 — QuxLabs AB, SE — Very High (90%)

Check an IP Address, Domain Name, Subnet, or ASN

45.84.107.33 was found in our database!

Confidence Level

90%

Very High?

Geolocation

🇸🇪

Sweden

ISPQuxLabs AB

ASNAS214503

NetworkTor Exit Node

Activity Timeline

First seenJan 21, 2026, 06:06 PM

Last seen23h ago

85Sessions

642Events

Protocol Breakdown

POSTGRES

64 / 610

SSH

16 / 25

TELNET

2 / 4

SMB

2 / 2

HTTP

1 / 1

45.84.107.33 has a very high threat confidence level of 90%, originating from Sweden, on the QuxLabs AB network (214503), This IP is a known Tor exit node. It has been observed across 85 sessions targeting POSTGRES, SSH, TELNET, SMB, HTTP, with detected attack patterns including postgres copy from program execution chain, smb authenticated rpc service and account enumeration, First observed on January 21, 2026, most recently active March 2, 2026.

Behaviors

Classified behavioral patterns observed

Postgres Copy From Program Execution Chain

very_high1x

Represents a complete, tightly scoped PostgreSQL exploitation chain where a client initiates a transaction, fingerprints the server version, prepares a temporary table, executes an external system command via COPY FROM PROGRAM, retrieves the command output, and immediately cleans up by dropping the table. This sequence is highly characteristic of automated post-authentication exploitation tooling that abuses PostgreSQL’s trusted language and program execution features for one-shot remote command execution, output capture, and minimal on-disk footprint. The rapid execution and cleanup indicate intent to execute payloads rather than interact with the database as a datastore.

Smb Authenticated Rpc Service And Account Enumeration

high1x

Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.

Primitives

Individual actions observed

Smb Root Read2 Smb Srvsvc Rpc Bind2 Smb Ipc Share Access2 Smb Samr Rpc Bind1 Smb Empty Rpc Call1 Postgres Drop Table1 Smb Srvsvc Pipe Open1 Smb Data Share Access1 Sql Transaction Begin1 Postgres Drop Table If Exists1 Ssh Password Authenthication.1 Postgres Select Table Contents1 Postgres Create Table Cmd Output1 Postgres Version Probe Lowercase1 Postgres Version Probe Lowercase No ;1 Postgres Copy From Program Background Execution1 Http Multipart Nextjs Proto Constructor Pollution Probe1 Http Multipart Nextjs Child Process Execsync Rce Attempt1

Related Threats

Explore related threat intelligence

🇸🇪More threats fromSweden ASMore threats fromQuxLabs AB POSTGRESMore threats targetingPOSTGRES SSHMore threats targetingSSH TELNETMore threats targetingTELNET SMBMore threats targetingSMB HTTPMore threats targetingHTTP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
45.84.107.172	97%	627
45.84.107.74	99%	859
45.84.107.17	93%	706
45.84.107.128	95%	923
45.84.107.101	95%	573

IP Address	Confidence	Events
195.128.241.207	43%	153
82.196.106.164	54%	368
46.59.93.200	50%	394
217.209.97.102	60%	654
83.227.140.125	54%	387