IPMediumSignal 29/100

`37.19.221.171`

Location

United States

Houston, Texas

ASN

AS212238

Cdnext HOU

First Seen

May 27, 2024

Last Seen

Jun 2, 2026

May 27

First Seen

756d ago

Jun 2

Last Seen

20d ago

Reports

source reports

29%

Confidence

medium

1/91

VirusTotal

detections

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

29%

Signal Score

29 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

30 techniques

Network Information

Country

United States

RegionHouston, Texas

ASNAS212238

OrganizationCdnext HOU

IP Category

⊕

VPN

VPN exit node

Feed Intelligence Summary

8 reports29% confidence

Source reports

29%

Confidence score

Category tags

abuseaccessaccess controlaccount discoveryaccount profilingaccount takeoveractive scanactive scanningattackauthenticationautomated attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebruteforcecanadacommand and controlcowriecredential accesscredential stuffingdata exfiltrationdata store exposureddosdenial of servicedionaeadistributed attacksencryptionexploitation activityfattfortiosftp brute forcegroupshackinghttp scanninghttps scanningidentity & access exploitationinformation technologyinjection activityipv4it infrastructuremalicious activitymalicious softwaremalwaremobile threatmonthlynetworknetwork enumerationnetwork scanningnetwork securitynorth americap0fpassword attackpassword attackspossible malware probingprocess injectionprotocol exploitationproxyransomwarereconnaissanceremote accessremote servicesresearchedscannerscriptsecurity operationssensor-taggedslugsmb scanningsocradar honeypotsoftware developmentssh attackssl vpnsurface webt1021t1021.001t1040t1055t1059t1071.001t1078t1078.001t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1565t1567t1595t1595.001t1595.002t1595.003tannertelnet threatthreat actorthreat intelligencetor nodetpotunauthorized accessunited statesusvpnvpn ipweb application attackweb exploitation

Activity Timeline

1 total obs

Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), an IPv4 address `37.19.221.171`, represents a significant threat primarily associated with malicious reconnaissance, brute-force attacks, and exploitation attempts. Its consistent flagging across multiple reputable threat intelligence feeds, combined with a score of 29.23778210259178, underscores its potential for active hostile engagement. The IP has been linked to activities such as password guessing, exploiting public-facing applications, and VPN brute-forc…

Threat ScoreLow Risk

SIGNAL

Signal Score

29%

Confidence

Reports

First seenMay 27, 2024

Last seenJun 2, 2026

GeolocationUS

CountryUnited States

LocationHouston, Texas

ASNAS212238

OrgCdnext HOU

Coords43.6319, -79.3716

VPN

VirusTotal

1/ 91vendors flagged

1% detection rateJun 2, 2026

WHOIS

description: Seen in CiscoASA honeypot logs within the configured window. request: GET /+CSCOE+/logon.html HTTP/1.1" 302 - geo: US; ASN 212238 (Datacamp Limited)
raw: NetRange: 37.0.0.0 - 37.255.255.255 CIDR: 37.0.0.0/8 NetName: RIPE-37 NetHandle: NET-37-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2010-11-30 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/37.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references: https://github.com/telekom-security/tpotce

`37.19.221.171`

MITRE ATT&CK TTPs

Network Information

IP Category

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey