IOC Radar
IPMediumSignal 83/100

37.19.221.152

Location
United StatesUnited States
Houston, Texas
ASN
AS212238
Cdnext HOU
First Seen
Dec 31, 2022
Last Seen
Jun 2, 2026
Dec 31
First Seen
1257d ago
Jun 2
Last Seen
9d ago
14
Reports
source reports
83%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

CountryUSUnited States
RegionHouston, Texas
ASNAS212238
OrganizationCdnext HOU

IP Category

VPN
VPN exit node

Feed Intelligence Summary

14 reports83% confidence
14
Source reports
83%
Confidence score
Category tags
abuseaccessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningalienvault_ransomwareapacheapache attackerattackauthenticationautomated attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecanadacommand and controlcredential accesscredential stuffingdata exfiltrationdata store exposureddosdecoy systemdenial of servicedistributed attacksencryptionexploitation activityexploited hostfortiosftp brute forcegroupshackinghttp brute forceidentity & access exploitationinformation technologyinjection activityipv4it infrastructuremalicious activitymalicious softwaremalwaremobile threatnetworknetwork reconnaissancenetwork scanningnetwork securitynorth americapassword attackpassword attacksprocess injectionproxyransomwarereconnaissanceremote accessremote servicesresearchedscannerscriptsecurity operationsslugsoftware developmentssh attackssl vpnsurface websyn scant1021.001t1046t1055t1059t1071.001t1076t1078t1078.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1567t1595t1595.001t1595.002t1595.003tcp scanthreat actorthreat intelligencethreat-intelligencetor nodetpottsecudp scanunauthorized accessunited statesusvpnvpn ipweb app attackweb application attackweb exploitation

Activity Timeline

1 total obs
Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The identification of IP address 37.19.221.152 as a high-scoring Indicator of Compromise (IOC) with a score of 83.49 and no whitelist status necessitates immediate attention due to its strong association with malicious activities. This IP has been widely reported across numerous threat intelligence feeds for its involvement in various hostile actions, including persistent brute-force attacks and network scanning. Such activity poses a significant risk for unauthorized access, credential compromi…

Threat ScoreHigh Risk
83
SIGNAL
Signal Score
83%
Confidence
14
Reports
First seenDec 31, 2022
Last seenJun 2, 2026
GeolocationUS
CountryUnited States
LocationHouston, Texas
ASNAS212238
OrgCdnext HOU
Coords43.6319, -79.3716
VPN

VirusTotal

Not checked

WHOIS

description
Score: 65/100. Labels: abuseipdb:minimal, abuseipdb:reported, cowrie, firehol:firehol_anonymous, firehol:firehol_proxies, firehol:listed. 37.19.221.152 classified as attacker with unclear intent (high confidence). Origin: enriched. Listed on: FireHOL (firehol_anonymous, firehol_proxies); AbuseIPDB (minimal, reported).
raw
NetRange: 37.0.0.0 - 37.255.255.255 CIDR: 37.0.0.0/8 NetName: RIPE-37 NetHandle: NET-37-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2010-11-30 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/37.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 9 days ago
Appeared in 14 threat reports