IP · Medium · Signal 32/100
176.65.139.205
Location
Eygelshoven, Limburg
ASN
AS214472
Storm Industries
First Seen
Jan 27, 2025
Last Seen
Jun 2, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
32%
Signal Score
32 / 100
IDS Rule
No
Network Information
Country
United Kingdom
Region
Eygelshoven, Limburg
ASN
AS214472
Organization
Storm Industries
Feed Intelligence Summary
19 reports · 32% confidence
19
Source reports
32%
Confidence score
Category tags
abuse, access, access control, active scan, active scanning, adbhoney activity, adbhoney honeypot, agent tesla, asia, asyncrat, attack, australia, bad reputation, banking, botnet, botnet activity, brute force, brute force attack, cisco device, command and control, communication protocol, compromised credentials attempt, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, credentialaccess, credit card services, cryptocurrency, cryptocurrency threats, cryptojacking, cta, data exfiltration, data store exposed, ddos, de, decoy system, denial of service, device management, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, email, emailattack, enterprise networking, enterprise security, europe, exploitation activity, finance, finance and insurance, financial services, financial technology, ftp brute force, gb, germany, github, groups, honeytrap activity, honeytrap honeypot, identity & access exploitation, imap, indicator, indonesia, information gathering, injection activity, iocs, lamp, lamp attack, lamp stack attack, lateral movement, login attempts, mailoney activity, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, mexico, mozi, mozi link, network, network enumeration, network infrastructure, network probing, network reconnaissance, network scanning, network security, network traffic analysis, north america, oceania, password attack, password attacks, patch management, payment processing, phishing, phishing attack, phishing trap, potential malicious activity, potential malware distribution, process injection, python, ransomware, reconnaissance, remcos trojan, remote access, remote access trojan, remote services, researched, resource hijacking, scanner, scanning activity, script, scripting attacks, security policy, sentrypeer activity, sentrypeer botnet, service enumeration, sftp, sftp activity, sftp attack, sip scanning, slug, smtp, smtp brute force, social engineering, socradar honeypot, software vulnerabilities, ssh, ssh attack, ssh monitoring, surface web, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.006, t1040, t1041, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1195, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1589, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpotce, unauthorized access attempts, unauthorized login attempts, unidentified attacker, united kingdom, urls, urls https, voip, voip attack, vulnerability scan, wealth management, web application attack, web attack, web exploitation, web scanner, week, wsgi dav, wsgidav
Activity Timeline
Jun 2
Threat Activity Heatmap · Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This IPv4 address has been identified as a significant Indicator of Compromise (IOC), carrying a noteworthy risk score of 31.8. Its pervasive inclusion across a multitude of respected threat intelligence platforms, such as AbuseIPDB, AlienVault OTX Feeds, CISA AIS, and various SOCRadar services, strongly indicates its role in potentially malicious activities. The consistent reporting of this IP address suggests it acts as infrastructure for adversarial operations, potentially involved in scannin…
Threat Score: Low Risk
Signal Score: 32
Confidence: 32%
Reports: 19
First seen: Jan 27, 2025
Last seen: Jun 2, 2026
Geolocation: GB
Country: United Kingdom
Location: Eygelshoven, Limburg
ASN: AS214472
Org: Storm Industries
Coords: 51.2993, 9.4910
VirusTotal
Not checked
WHOIS
- description
- 2025-02-07T22:35:19.006Z Honeypot : Tanner : Source: 176.65.139.205 : Port: 80 Post Data: {'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': 'aca733f5-9814-4473-82e0-5f7b8ab57590'}}, 'version': '0.6.0'}
- raw
- inetnum: 176.65.128.0 - 176.65.159.255
  netname: DE-ZEXOTEK-20110610
  country: DE
  org: ORG-ZIG1-RIPE
  admin-c: ZR319-RIPE
  tech-c: ZR319-RIPE
  status: ALLOCATED PA
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: MNT-ZEXOTEK
  mnt-routes: MNT-ZEXOTEK
  created: 2015-09-23T12:53:19Z
  last-modified: 2017-01-15T21:02:15Z
  source: RIPE # Filtered
- organisation: ORG-ZIG1-RIPE
  org-name: ZeXoTeK IT-Services GmbH
  country: DE
  org-type: LIR
  address: Hauptstrasse 29
  address: 76891
  address: Erlenbach
  address: GERMANY
  geoloc: 49.1112 -7.8596
  phone: +4963981360010
  fax-no: +4963981360011
  mnt-ref: MNT-ZEXOTEK
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: MNT-ZEXOTEK
  abuse-c: AMOT1-RIPE
  created: 2011-02-22T10:43:03Z
  last-modified: 2021-01-01T08:01:32Z
  source: RIPE # Filtered
- role: NX4 ROLE
  address: Hauptstrasse 29, 76891 Erlenbach, GERMANY
  admin-c: JW316-RIPE
  tech-c: JW316-RIPE
  nic-hdl: ZR319-RIPE
  mnt-by: MNT-ZEXOTEK
  created: 2011-02-23T17:52:05Z
  last-modified: 2017-04-23T14:10:55Z
  source: RIPE # Filtered
- references
- https://any.run/malware-trends/, https://urlhaus.abuse.ch/, https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 12 days ago
Appeared in 19 threat reports