IP · Medium · Signal 47/100
37.221.65.2
Location
Chisinau, Chișinău Municipality
ASN
AS200019
Alexhost SRL
First Seen
Dec 27, 2024
Last Seen
Apr 1, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Network Information
Country
Moldova, Republic of
Region
Chisinau, Chișinău Municipality
ASN
AS200019
Organization
Alexhost SRL
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports
10
Confidence score
47%
Category tags
abuse; access control; active exploitation; active scan; active scanning; argument injection; attachment phishing; auto-generated security; automated email; bad reputation; banking; base64; base64 encoding; bec; blacklist ip; botnet; botnet activity; brute force; brute force attack; bulk email; c2 communication; c2ip; cert; cgi; cgi mode; command & control; command and control; command execution; command injection; communication protocol; control; credential access; credential harvesting; credential phishing; credential stuffing; credit card services; data exfiltration; data store exposure; ddos; ddos attacks; decoy system; denial of service; destination management; distributed attacks; encoding conversion; europe/asia; exploitation activity; finance; finance and insurance; financial services; financial technology; ftp brute force; hospitality services; http brute force; http scanner; identity & access exploitation; indicator; injection activity; injection vulnerability; internet of things; intrusion detection; iot botnet; iot security; iot/ics attack; layered obfuscation; layered obfuscation techniques; lotl; malicious powershell activity; malicious scan; malicious software; malware; md; mirai botnet; moldova, republic of; network; network attacks; network probing; network protocol; network reconnaissance; network scanning; network security; on d; operating system; password; password attacks; password theft; payment fraud; payment processing; phishing; phishing attack; phishing campaign; price request; price request scam; process injection; proxy; proxy protocol; qasar rat; quasar; quasar rat; rce; reconnaissance; reconnaissance activity; remote access; remote code execution; remote services; researched; russia; russian federation; scams & fraud; scan; scanner; scanning activity; schedule theme; scheduled task abuse; scripting attacks; scripting language; security policy; smb scanning; social engineering; ssh attack; syn scanning;
t1003; t1003.001; t1021.001; t1027; t1040; t1046; t1053.005; t1055; t1056; t1057; t1059; t1059.001; t1059.004; t1059.007; t1068; t1069.001; t1071.001; t1076; t1078; t1078.001; t1078.002; t1078.004; t1083; t1086; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1189; t1190; t1192; t1202; t1203; t1204.002; t1210; t1486; t1496; t1499.001; t1499.002; t1499.003; t1505; t1505.003; t1547.001; t1563; t1565; t1566; t1566.001; t1566.002; t1566.003; t1588.002; t1592; t1595; t1595.001; t1595.002; t1595.003; t1598; t1598.003;
tariff server compromise; tariff server theme; tariffs server; tcp protocol; tcp scanning; telecommunications; threat intelligence; threat prevention; tourism marketing; tourist attractions; transportation services; travel; travel agencies; travel booking; travel experience; travel technology; turkey; vulnerability scan; wealth management; web application attack; web application exploitation; web attack; web development; web exploitation; web scanner; web server; web shell; web traffic; wetransfer abuse; xmrig; xmrig miner
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Geolocation
MD
Coords
55.7386, 37.6068
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 37.221.64.0 - 37.221.65.255
  org: ORG-AS895-RIPE
  netname: AlexHost
  country: BG
  admin-c: SZ3268-RIPE
  tech-c: SZ3268-RIPE
  status: ASSIGNED PA
  mnt-by: IPSMAIN
  created: 2021-02-08T20:02:02Z
  last-modified: 2024-05-14T17:30:07Z
  source: RIPE
  mnt-domains: CLOUDATAMD-MNT
  mnt-lower: CLOUDATAMD-MNT
  mnt-routes: CLOUDATAMD-MNT

  organisation: ORG-AS895-RIPE
  org-name: ALEXHOST SRL
  org-type: OTHER
  address: str. C. Brancusi nr. 3, Chisinau, Moldova
  abuse-c: AR18916-RIPE
  mnt-ref: MNT-GLBTX
  mnt-ref: FREENET-MNT
  mnt-ref: IPSMAIN
  mnt-by: IPSMAIN
  created: 2021-02-08T19:58:24Z
  last-modified: 2022-03-09T16:27:19Z
  source: RIPE # Filtered

  person: AlexHost SRL
  address: str. Constantin Brancusi nr. 3, Chisinau, Moldova
  phone: +37379600002
  nic-hdl: SZ3268-RIPE
  mnt-by: CLOUDATAMD-MNT
  created: 2014-03-21T14:17:01Z
  last-modified: 2023-03-03T08:12:53Z
  source: RIPE # Filtered

  route: 37.221.65.0/24
  origin: AS200019
  mnt-by: IPSMAIN
  created: 2023-10-18T15:29:58Z
  last-modified: 2023-10-18T15:29:58Z
  source: RIPE
- references
- https://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-update-mass-exploitation-cve-2024-4577
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 10 threat reports