IOC Radar
IP · Medium · Signal 84/100

176.65.132.7

Location: Netherlands (Eygelshoven, Limburg)
ASN: AS51396 (VMHeaven.io)
First Seen: Dec 3, 2025 (201d ago)
Last Seen: Jun 12, 2026 (9d ago)
Reports: 20 source reports
Confidence: 84% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 84%
Signal Score: 84 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

47 techniques

Network Information

Country: NL (Netherlands)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: VMHeaven.io

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 20
Confidence score: 84%
Category tags:
abuse, abusech-threatfox-c2c, access control, account compromise, active scan, active scanning, adbhoney honeypot, alienvault_ransomware, and botnet activity, apt, asyncrat, attack, australia, automated-hunt,
bad reputation, bad web bot, blacklist ip, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, bruteforce,
c2, c2-infrastructure, censys, cisco asa, cisco brute force, cisco device, cisco exploitation attempt, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, cobalt-strike, command & control, command and control, communication protocol, cowrie, cowrie honeypot, cowrie ssh attack, credential access, credential harvesting, credential stuffing, credential-harvesting, credential-theft, cyber threat advisory,
data encryption, data exfiltration, data store exposure, database security, ddos, ddos attack, ddos attacks, de, decoy system, denial of service, device management, dictionary attack, digital ocean, dionaea, dionaea honeypot, distributed attacks,
encryption, enterprise networking, env-hunting, europe, exploit, exploitation, exploitation activity, exploited host, extortion,
fatt, ftp, ftp brute force, germany, hacking, honeytrap data, honeytrap honeypot, http brute force, http scanner,
identity & access exploitation, indicator, indicators of compromise, infostealer, infrastructure scanning, initial access, injection activity, injection attacks, internet of things, intrusion detection, iot botnet, iot security, iot/ics attack,
lamp, lamp exploitation attempts, lamp stack targeting, lamp vulnerability scan, lateral movement, login bruteforce, lummastealer,
mailoney attack, mailoney honeypot, malicious activity, malicious email detection, malicious network activity, malicious payload, malicious payload detection, malicious scan, malicious software, malicious traffic, malware, malware analysis, malware behaviour, malware capture, mirai botnet,
netherlands, network, network attacks, network infrastructure, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, networkscanning, nginx, nl,
oceania, open proxy, opencti, osint-volley,
p0f, password attacks, pattern-49, pfcloud, phishing, phishing attack, phishing trap, ping of death, portscan, potential compromise, process injection, project_gifted1, protocol exploitation, proxy, proxy protocol,
ransomware, ransomware threat intelligence, reconnaissance, reconnaissance activity, redline, remote access, remote services, researched, resource hijacking,
scan, scanner, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detection, service scan, sftp attack, sip brute force, sip scanning, smtp, smtp probing, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, stealc, stealer, syn, system disruption,
t1018, t1021, t1021.001, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1547, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003,
tanner, tcp protocol, tcp scan, telecommunications, telnet, telnet threat, threat actor, threat actor ttps, threat detection, threat intelligence, threat prevention, tor node, tpot,
udp scan, unauthorized access, unauthorized access attempt, unknown-malware,
vidar, voip, voip attack, vulnerability scan, vulnerability-exploitation,
web app attack, web application attack, web attack, web exploitation, web spam, web traffic, worker_strike

Activity Timeline

1 total obs
Jun 12

Threat Activity Heatmap

Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 20
First seen: Dec 3, 2025
Last seen: Jun 12, 2026
Geolocation: NL
Country: Netherlands
Location: Eygelshoven, Limburg
ASN: AS51396
Org: VMHeaven.io
Coords: 50.8933, 6.0580
Proxy

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan. 176.65.132.7 classified as commodity attacker using automated exploitation tooling (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1).

IOC Journey

medium
First detected 6 months ago · Last seen 9 days ago
Appeared in 20 threat reports