IPMediumSignal 28/100
37.19.196.65
Location
United StatesNew York, New York
ASN
AS212238
Cdnext NYC
First Seen
Jun 8, 2022
Last Seen
Jun 4, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
28%
Signal Score
28 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionNew York, New York
ASNAS212238
OrganizationCdnext NYC
IP Category
⊕
VPN
VPN exit node
Feed Intelligence Summary
10 reports28% confidence
10
Source reports
28%
Confidence score
Category tags
account compromiseactive scanactive scanningaddressaddsadministrative accessadministratoralg7c4 usernameanna paulaarctic wolfatom siloauthentication attacksazure appbotnetbotnet activitybrute forcebrute force attackcertchoppercloud infrastructurecloud securitycommand and controlcredential accesscredential harvestingcredential stuffingcsvdata encryptiondata exfiltrationdata store exposuredefense evasiondesktopdistributed attacksed8x4k usernameencryptionevoxtexploitexploitation activityexternal remote servicesextortionfrom emailg0xgey usernamegeneratedgujhmk usernameheadershttps httpsetidentity & access exploitationimpactinformation technologyinfrastructure acquisitionreconnaissanceinjection activityiocipv4 addressit infrastructurelabslimitedlocallockbitmail system attackmalicious softwaremalspam emailmalwaremanualmgmtipsmsi filenetworknetwork reconnaissancenetwork scanningnorth americapassword attacksphishingphishing attackprivilege escalationprocess injectionproxypvnw81 usernameransomwarereconnaissanceremote accessremote code executionresearchedrootscanning activitysecurity operationssecurity servicesservicesocial engineeringsoftware developmentspamssl vpnstefansynacktivsystem disruptiont1012t1016t1021t1047t1055t1059t1068t1070t1071t1071.001t1078t1088t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1204.002t1486t1490t1496t1499.002t1499.003t1562t1565t1566t1566.001t1566.002t1566.003t1587.001t1590.001t1595t1595.001t1595.002t1595.003textthreat actorthreat intelligencetor nodetrashturkeyunited statesusvdomvpnvpn accessvpn clientvpn sslvulnerabilityvulnerability scanweb managementwebshellwolfypda8a usernamezip archive
Activity Timeline
Jun 4Jun 4
Threat Activity Heatmap
· Peak: 2026-06-04LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
28
SIGNAL
Signal Score
28%
Confidence
10
Reports
First seenJun 8, 2022
Last seenJun 4, 2026
GeolocationUS
CountryUnited States
LocationNew York, New York
ASNAS212238
OrgCdnext NYC
Coords40.7123, -74.0068
VPN
VirusTotal
Not checked
WHOIS
- description
- CC=US ASN=AS212238 datacamp limited
- raw
- NetRange: 37.0.0.0 - 37.255.255.255 CIDR: 37.0.0.0/8 NetName: RIPE-37 NetHandle: NET-37-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2010-11-30 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/37.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- references
- https://medium.com/inthecyber-posts/exposed-fortinet-fortigate-firewall-interface-leads-to-lockbit-ransomware-cve-2024-55591-de8fcfb6c45c, CVE-2025-24472_IOC.csv, https://fortiguard.fortinet.com/psirt/FG-IR-24-535, https://cybersecuritynews.com/fortinet-zero-day-vulnerability-cve-2024-55591/, https://www.fortiguard.com/psirt/FG-IR-24-535, https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/, 2021-09-21-Curriculo-IOCs.txt, https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html, https://github.com/volexity/threat-intel/blob/main/2022/2022-06-02%20Active%20Exploitation%20Of%20Confluence%200-day/indicators/indicators.csv, https://github.com/volexity/threat-intel/blob/main/2022/2022-06-02%20Active%20Exploitation%20Of%20Confluence%200-day/indicators/yara.yar, https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/, https://github.com/sophoslabs/IoCs/blob/master/ransomware_atomsilo.csv, https://www.fortiguard.com/threat-signal-report/4172/atom-silo-ransomware-actor-leverages-confluence-vulnerability, https://www.fortinet.com/blog/threat-research/recent-attack-uses-vulnerability-on-confluence-server, https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 18 days ago
Appeared in 10 threat reports