IP · Medium · Signal 86/100
176.65.137.13
Location
Agadir, Souss-Massa
First Seen
Feb 15, 2025
Last Seen
Mar 31, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Morocco
Region
Agadir, Souss-Massa
Organization
REDOUAD
Feed Intelligence Summary
26 reports · 86% confidence
26
Source reports
86%
Confidence score
Category tags
Activity Timeline
Mar 31
Threat Activity Heatmap
Peak: 2026-03-31
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat Score
High Risk
86
SIGNAL
Signal Score
86%
Confidence
26
Reports
First seen
Feb 15, 2025
Last seen
Mar 31, 2026
Geolocation
MA
Country
Morocco
Location
Agadir, Souss-Massa
Org
REDOUAD
Coords
51.2993, 9.4910
VirusTotal
Not checked
WHOIS
- description
- 2025-03-31T09:33:49.126Z Honeypot : Adbhoney : EventID/src_ip/src_url: adbhoney.command.input 176.65.137.13
- raw
- inetnum: 176.65.137.0 - 176.65.137.255
  netname: REDOUAD-NET1
  country: MA
  admin-c: RS27812-RIPE
  tech-c: RS27812-RIPE
  abuse-c: SA43590-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-ZEXOTEK
  created: 2025-08-19T05:26:30Z
  last-modified: 2025-08-19T05:26:30Z
  source: RIPE

  person: redouad skitiwi
  address: ths low nu 5 119, 80000 agadir, morocco
  phone: +661778801
  nic-hdl: RS27812-RIPE
  mnt-by: MNT-ZEXOTEK
  created: 2024-12-23T14:44:43Z
  last-modified: 2024-12-23T14:44:43Z
  source: RIPE # Filtered

  route: 176.65.137.0/24
  origin: AS150179
  mnt-by: MNT-ZEXOTEK
  created: 2025-08-19T05:25:36Z
  last-modified: 2025-08-19T05:25:36Z
  source: RIPE
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 26 threat reports