IOC Radar
IPMediumSignal 92/100

159.253.120.224

Location
Moldova, Republic ofMoldova, Republic of
Amsterdam, Chisinau
ASN
AS200019
Alexhost SRL
First Seen
May 26, 2026
Last Seen
Jun 6, 2026
May 26
First Seen
24d ago
Jun 6
Last Seen
12d ago
13
Reports
source reports
92%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryMDMoldova, Republic of
RegionAmsterdam, Chisinau
ASNAS200019
OrganizationAlexhost SRL

Feed Intelligence Summary

13 reports92% confidence
13
Source reports
92%
Confidence score
Category tags
abuseabusech-urlhaus-c2cactive scanarmbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackerbrute-forcec2command & controlcowrieddosddos attackdedionaeaelfeuropeexecutable fileexploitexploitation activityexploited hostfattgermanyhackingindicatoriot securityiot targetedmalicious ipmiraimoldova, republic ofnetworkp0fphishingportscanransomwareresearchedscanscannerscannerssensor-taggedservice scansocradar honeypotspamsshtannertcptpotua-wgetvulnerability scanvulnerability-exploitationvultrweb app attackweb spam

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

· Peak: 2026-06-06
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
13
Reports
First seenMay 26, 2026
Last seenJun 6, 2026
GeolocationMD
CountryMoldova, Republic of
LocationAmsterdam, Chisinau
ASNAS200019
OrgAlexhost SRL
Coords47.0060, 28.8567

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 159.253.120.224 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1); AbuseIPDB (brute-force, critical, exploited-host).
raw
inetnum: 159.253.120.128 - 159.253.120.255 org: ORG-AS895-RIPE netname: AlexHost country: MD admin-c: SZ3268-RIPE tech-c: SZ3268-RIPE status: ASSIGNED PA mnt-by: IPSMAIN created: 2022-09-20T13:12:04Z last-modified: 2022-09-20T13:12:04Z source: RIPE mnt-domains: IPSMAIN mnt-domains: CLOUDATAMD-MNT mnt-lower: CLOUDATAMD-MNT mnt-routes: CLOUDATAMD-MNT mnt-routes: IPSMAIN organisation: ORG-AS895-RIPE org-name: ALEXHOST SRL org-type: OTHER address: str. C. Brancusi nr. 3, Chisinau, Moldova abuse-c: AR18916-RIPE mnt-ref: FREENET-MNT mnt-ref: IPSMAIN mnt-ref: FIRSTDC-MNT mnt-by: IPSMAIN created: 2021-02-08T19:58:24Z last-modified: 2025-09-25T13:06:05Z source: RIPE # Filtered person: AlexHost SRL address: str. Constantin Brancusi nr. 3, Chisinau, Moldova phone: +37379600002 nic-hdl: SZ3268-RIPE mnt-by: CLOUDATAMD-MNT created: 2014-03-21T14:17:01Z last-modified: 2023-03-03T08:12:53Z source: RIPE # Filtered route: 159.253.120.0/24 origin: AS200019 mnt-by: VPLAB-MNT created: 2022-09-17T11:24:32Z last-modified: 2022-09-17T11:24:32Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 24 days ago · Last seen 12 days ago
Appeared in 13 threat reports