IOC Radar
IP · Medium · Signal 68/100

176.65.132.3

Location
Netherlands
Eygelshoven, Limburg
ASN
AS51396
VMHeaven.io
First Seen
Jan 14, 2026
Last Seen
Apr 21, 2026
First Seen: Jan 14 (157d ago)
Last Seen: Apr 21 (61d ago)
14
Reports
source reports
68%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Network Information

Country: Netherlands (NL)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: VMHeaven.io

IP Category

Proxy
Proxy server

Feed Intelligence Summary

14 reports · 68% confidence
14
Source reports
68%
Confidence score
Category tags
abuseabusech-threatfox-c2caccess controlaccount compromiseactive scanactive scanningalienvault_ransomwareasyncratattackaustraliaauthentication attemptsautomated-huntbad reputationbad web botblacklist ipbotnetbotnet activitybrute forcebrute force attackbrute force attacksc2c2-infrastructurecanadacensyscisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescobalt-strikecommand & controlcommand and controlcommunication protocolcowrie honeypotcredential accesscredential harvestingcredential stuffingcredential-theftcyber threat advisorydata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attacksdecoy systemdenial of servicedevice managementdigital oceandionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringencryptionenterprise networkingeuropeexploitexploit attemptexploitationexploitation activityexploited hostextortionfattftpftp brute forcegermanyhackinghoneytrap datahoneytrap honeypothttp brute forcehttp scanneridentity & access exploitationindicatorindicators of compromiseinfostealerinfrastructure scanninginitial accessinjection activityinjection attacksinternet of thingsintrusion detectioniot botnetiot securityiot targetediot/ics attacklamplamp stack targetinglateral movementlogin bruteforcelummastealermailoney honeypotmalicious activitymalicious scanmalicious softwaremalwaremalware analysismalware behaviourmalware capturemalware detectionmalware distributionmelbourne regionmirai botnetnetherlandsnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusion attemptsnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork traffic analysisnorth americaoceaniaopenctiosint-volleyp0fpassword attackpassword attackspattern-49pfcloudphishingphishing attackphishing trapprocess injectionprotocol exploitationproxyproxy protocolransomwareransomware threat intelligencereconnaissancereconnaissance activityredlineremote accessremote 
servicesresearchedresource hijackingscanscannerscannersscanning activityscripting attackssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionservice enumerationservice scansftp attacksip brute forcesip scanningsmtpsocial engineeringsocradar honeypotspamssh attackssh monitoringstealcstealersynsystem disruptiont1021t1021.001t1040t1041t1046t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1076t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1203t1204.002t1486t1490t1496t1497t1499.001t1499.002t1499.003t1547t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat actor ttpsthreat detectionthreat intelligencethreat preventiontor nodetpotudp port scanudp scanunauthorized access attemptunited kingdomunknown threat actorunknown-malwarevidarvoipvoip attackvulnerability scanvultr infrastructure targetedweb application attackweb attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
Apr 21

Threat Activity Heatmap

Peak: 2026-04-21
[Heatmap: activity by day of week, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 68
Confidence: 68%
Reports: 14
First seen: Jan 14, 2026
Last seen: Apr 21, 2026
Geolocation: NL
Country: Netherlands
Location: Eygelshoven, Limburg
ASN: AS51396
Org: VMHeaven.io
Coords: 50.8933, 6.0580
Proxy

VirusTotal

Not checked

WHOIS

description
ip:port combination that is used for botnet Command&control (C&C)

IOC Journey

medium
First detected 5 months ago · Last seen 2 months ago
Appeared in 14 threat reports