IOC Radar
IPMediumSignal 95/100

176.65.139.42

Location
NetherlandsNetherlands
Eygelshoven, Limburg
ASN
AS214472
Storm Industries
First Seen
Jan 30, 2026
Last Seen
Jun 4, 2026
Jan 30
First Seen
132d ago
Jun 4
Last Seen
7d ago
19
Reports
source reports
95%
Confidence
medium
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
95%
Signal Score
95 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryNLNetherlands
RegionEygelshoven, Limburg
ASNAS214472
OrganizationStorm Industries

Feed Intelligence Summary

19 reports95% confidence
19
Source reports
95%
Confidence score
Category tags
abuseabusech-threatfox-c2cabusech-urlhaus-c2cacceptacrstealeractive scanactive scanningamadeyandroidanzapkaptarchivearmas214472asciiasciiiasiaasyncratattackbad reputationbad web botbanking-trojan-frontendbase64base64-loaderbatbendigobeyondbotnetbotnet activitybotnetdomainbratbridgebrute forcebrute force attackerbrute-forcec2c2 commandc2 domainc2 ipcensyschacha20chatgptchromeelevatorchromelevatorchstealerclosecode injectioncoinminercommand & controlcommand executioncommbankcontagiousinterviewcountloadercowriecowrie honeypotcredential harvestingcredential stuffingcryptocurrencycryptojackerdattormmddosddos attackddos attacksdecoy systemdefense evasiondemodenial of servicedigital oceandionaeadionaea honeypotdlldomaindprkdropped-by-amadeydropped-by-phorpiexelfemotetencodedeuropeexeexecutable fileexploitexploitation activityexploited hostextensionfake_ssafattfiguregafgytgbgermanyghostsocksgithubgogotoresolveguloaderhackinghajimeheodohoneytrap honeypothsbchtaidentity & access exploitationindicatorinfostealerinjection activityinternet of thingsiot botnetiot securityiot targetediot/ics attackjackpotjarjsjwrlazaruslloydsloaderlocallodalulummalummastealerm68kmacsyncmailoney honeypotmalicious activitymalicious powershell activitymalwaremalware behaviourmalware capturemalware distribution activitymamontmarkgramstealermaskgramstealerminermipsmiraimirai botnetmobile threatmonero poolmozimsimutexnatwestnetblocknetherlandsnetworknjratnlnl tcpnovara1o1novashadowoffloaderoffshore lcopendiroperator socks5p0fpaasphantomstealerphishingphishing attackphishing trapping of deathpluginportscanpowerpcpowershellps1pureratpwn-pzpqantasquasarratransomwarerapidstealerrarratrbcreconnaissanceredtailremcosratresearchedresource hijackingrev-base64-loaderrisc-vrmmrustystealersaint helena, ascension and tristan da cunhasantastealerscams & fraudscannerscannersscrscriptscripting attackssensor-taggedsentrypeer botnetservice scanshsilentnetsilverfoxsliversmartloadersmoke loadersocial engineeringsocradarsocradar honeypotsparcsshssh attackssh monitoringstealcstealerstgeorgestopsuncorpsuperht1008t1027t1036t1057t1059t1059.001t1059.007t1070t1071t1071.001t1082t1086t1090t1105t1106t1119t1189t1190t1203t1204t1204.001t1204.002t1205t1210t1222t1489t1496t1498t1499t1499.001t1499.002t1562t1564t1566.001t1566.002t1566.003t1568t1571t1595t1595.001t1595.002t1595.003tadashitannertcp porttcp5555tcp80tempthreat actorthreat detectionthreat intelligencetofseetor nodetpotua-emptyua-mshtaua-wgetunc-pathunited kingdomunited statesvbsvenomratvenomstealervidarvietnamvltrig monerovoip attackvscodevulnerability scanvulnerability-exploitationvultrweb app attackweb application attackweb exploitationwestpacx86x86-32x86-64xmlxwormxworm ratzgratzigclipperzipzoom

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
95
SIGNAL
Signal Score
95%
Confidence
19
Reports
First seenJan 30, 2026
Last seenJun 4, 2026
GeolocationNL
CountryNetherlands
LocationEygelshoven, Limburg
ASNAS214472
OrgStorm Industries
Coords51.2993, 9.4910

VirusTotal

Not checked

WHOIS

raw
inetnum: 176.65.139.0 - 176.65.139.255 netname: PFCLOUD-NET org: ORG-SI335-RIPE country: NL admin-c: SNO38-RIPE tech-c: SNO38-RIPE status: ASSIGNED PA created: 2026-01-28T13:14:37Z last-modified: 2026-02-23T13:52:04Z source: RIPE mnt-by: MNT-ZEXOTEK organisation: ORG-SI335-RIPE org-name: Storm Industries org-type: OTHER address: United Kingdom, Aberdare mnt-ref: MNT-ZEXOTEK abuse-c: ACRO63650-RIPE mnt-ref: STORMINDUSTRIES-MNT created: 2026-02-21T21:08:51Z last-modified: 2026-02-22T13:44:07Z source: RIPE # Filtered mnt-by: STORMINDUSTRIES-MNT role: StormCloud Network Operations address: United Kingdoms, Aberdare abuse-mailbox: [email protected] nic-hdl: SNO38-RIPE mnt-by: STORMCLOUD-MNT created: 2026-02-21T21:02:21Z last-modified: 2026-02-22T01:23:53Z source: RIPE # Filtered route: 176.65.139.0/24 origin: AS214472 created: 2026-03-18T17:56:01Z last-modified: 2026-03-18T17:56:01Z source: RIPE mnt-by: MNT-ZEXOTEK route: 176.65.139.0/24 origin: AS51396 created: 2026-01-28T13:15:05Z last-modified: 2026-01-28T13:15:05Z source: RIPE mnt-by: MNT-ZEXOTEK
references
https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed#Indicators_of_Compromise, https://urlhaus.abuse.ch/browse/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-06/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-06/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-06/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, IOCs-May1.csv, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-05-05/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-05-05/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-05/, https://hunt.io/blog/xlabs-v1-ddos-for-hire-operation-exposed, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-04-03/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-02/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-29/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-29/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 7 days ago
Appeared in 19 threat reports