IP · Medium · Signal 91/100
176.65.139.20
Location
Eygelshoven, Limburg
ASN
AS214472
Storm Industries
First Seen
Jan 30, 2026
Last Seen
Jun 13, 2026
Found in 20 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Netherlands
Region: Eygelshoven, Limburg
ASN: AS214472
Organization: Storm Industries
Feed Intelligence Summary
20 reports, 91% confidence
20
Source reports
91%
Confidence score
Category tags
Activity Timeline
Jun 13
Threat Activity Heatmap
Peak: 2026-06-13
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: High Risk
91
SIGNAL
Signal Score
91%
Confidence
20
Reports
First seen: Jan 30, 2026
Last seen: Jun 13, 2026
Geolocation: NL
Country: Netherlands
Location: Eygelshoven, Limburg
ASN: AS214472
Org: Storm Industries
Coords: 49.9148, -6.3111
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 176.65.139.0 - 176.65.139.255
  netname: PFCLOUD-NET
  org: ORG-SI335-RIPE
  country: NL
  admin-c: SNO38-RIPE
  tech-c: SNO38-RIPE
  status: ASSIGNED PA
  created: 2026-01-28T13:14:37Z
  last-modified: 2026-02-23T13:52:04Z
  source: RIPE
  mnt-by: MNT-ZEXOTEK
- organisation: ORG-SI335-RIPE
  org-name: Storm Industries
  org-type: OTHER
  address: United Kingdom, Aberdare
  mnt-ref: MNT-ZEXOTEK
  abuse-c: ACRO63650-RIPE
  mnt-ref: STORMINDUSTRIES-MNT
  created: 2026-02-21T21:08:51Z
  last-modified: 2026-02-22T13:44:07Z
  source: RIPE # Filtered
  mnt-by: STORMINDUSTRIES-MNT
- role: StormCloud Network Operations
  address: United Kingdoms, Aberdare
  abuse-mailbox: [email protected]
  nic-hdl: SNO38-RIPE
  mnt-by: STORMCLOUD-MNT
  created: 2026-02-21T21:02:21Z
  last-modified: 2026-02-22T01:23:53Z
  source: RIPE # Filtered
- route: 176.65.139.0/24
  origin: AS214472
  created: 2026-03-18T17:56:01Z
  last-modified: 2026-03-18T17:56:01Z
  source: RIPE
  mnt-by: MNT-ZEXOTEK
- route: 176.65.139.0/24
  origin: AS51396
  created: 2026-01-28T13:15:05Z
  last-modified: 2026-01-28T13:15:05Z
  source: RIPE
  mnt-by: MNT-ZEXOTEK
IOC Journey
medium · First detected 4 months ago · Last seen 14 days ago
Appeared in 20 threat reports