IOC Radar
IP · Medium · Signal 47/100

176.65.138.192

Location
France
Paris, England
ASN
AS198584
NET
First Seen
Feb 5, 2025
Last Seen
Apr 7, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

49 techniques

Network Information

Country: France (FR)
Region: Paris, England
ASN: AS198584
Organization: NET

Feed Intelligence Summary

13 source reports · 47% confidence score
Category tags

Activity Timeline

1 total observation (Apr 7)

Threat Activity Heatmap

Peak: 2026-04-07
[Heatmap: activity by weekday and month, Jun through Jun; legend from Less to More]
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address with a significant score of 46.74 and no whitelist status, represents a clear and present danger to organizational security. Its presence indicates potential malicious activity, including network scanning, brute force attacks, command and control communication attempts, and possible resource hijacking. If this IOC is observed within the environment, it suggests an active threat that could lead to unauthorized access, data exfiltration, system c…

Threat Score: Medium Risk
Signal Score: 47
Confidence: 47%
Reports: 13
First seen: Feb 5, 2025
Last seen: Apr 7, 2026
Geolocation: FR
Country: France
Location: Paris, England
ASN: AS198584
Org: NET
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
2025-04-28T16:31:51.095Z Honeypot : ElasticPot : Source: 176.65.138.192 : Port: 9200 Event Type: Scan
raw
inetnum: 176.65.138.0 - 176.65.138.255
netname: NET
country: MA
admin-c: SS41293-RIPE
tech-c: SS41293-RIPE
status: ASSIGNED PA
mnt-by: MNT-ZEXOTEK
created: 2025-08-23T16:59:19Z
last-modified: 2025-08-23T16:59:19Z
source: RIPE

person: SOTRADIMEX SARL
address: 02 Place of Kuweit first floor N4, Po box 90000, Tanger
phone: +212000000
nic-hdl: SS41293-RIPE
mnt-by: MNT-ZEXOTEK
created: 2025-08-23T16:58:26Z
last-modified: 2025-08-23T16:58:26Z
source: RIPE # Filtered

route: 176.65.138.0/24
origin: AS198584
mnt-by: MNT-ZEXOTEK
created: 2025-08-23T16:53:14Z
last-modified: 2025-08-23T16:53:14Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports