IOC Radar
IPMediumSignal 92/100

176.65.139.66

Location
United KingdomUnited Kingdom
Eygelshoven, Limburg
ASN
AS214472
Storm Industries
First Seen
Jan 30, 2026
Last Seen
Jun 22, 2026
Jan 30
First Seen
144d ago
Jun 22
Last Seen
2d ago
20
Reports
source reports
92%
Confidence
medium
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

3 techniques

Network Information

CountryGBUnited Kingdom
RegionEygelshoven, Limburg
ASNAS214472
OrganizationStorm Industries

Feed Intelligence Summary

20 reports92% confidence
20
Source reports
92%
Confidence score
Category tags
abuseactive scanadbandroidapi-uxaptasiaattackattacker-ipbad reputationbad web botblocklistblocklist_allbotnetbotnet activitybrute forcebrute force attackerbrute-forcebruteforcecertcowriecredential stuffingcredential-harvestingddosddos attackdigital oceandionaeadropperenv-huntingeuropeeurope/asiaexploitexploitation activityexploited hostfattgalahgermanyhackinghttpidentity & access exploitationinbound scanindicatorinjection activityiot securityiot targetedkill-chain exploitationkill-chain reconnaissancelow-risklumalaysiamalicious ipmalwaremiraimobile threatnetherlandsnetworknginxnlopencanaryosintp0fphishingping of deathportscanransomwareraspberry-piresearchresearchedscanscannerscannerssensor-taggedservice scansocradar honeypotspamsql injectionsshssh attackssh-brutet1110.001t1595t1595.001tannertargeting databasetcptelnetthreat actorthreat intelthreat-inteltpotturkeyunited kingdomvoidtrapvulnerability scanvulnerability-exploitationvultrwazuhweb app attackweb spam

Activity Timeline

1 total obs
Jun 22Jun 22

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
20
Reports
First seenJan 30, 2026
Last seenJun 22, 2026
GeolocationGB
CountryUnited Kingdom
LocationEygelshoven, Limburg
ASNAS214472
OrgStorm Industries
Coords51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
inetnum: 176.65.139.0 - 176.65.139.255 netname: PFCLOUD-NET org: ORG-SI335-RIPE country: NL admin-c: SNO38-RIPE tech-c: SNO38-RIPE status: ASSIGNED PA created: 2026-01-28T13:14:37Z last-modified: 2026-02-23T13:52:04Z source: RIPE mnt-by: MNT-ZEXOTEK organisation: ORG-SI335-RIPE org-name: Storm Industries org-type: OTHER address: United Kingdom, Aberdare mnt-ref: MNT-ZEXOTEK abuse-c: ACRO63650-RIPE mnt-ref: STORMINDUSTRIES-MNT created: 2026-02-21T21:08:51Z last-modified: 2026-02-22T13:44:07Z source: RIPE # Filtered mnt-by: STORMINDUSTRIES-MNT role: StormCloud Network Operations address: United Kingdoms, Aberdare abuse-mailbox: [email protected] nic-hdl: SNO38-RIPE mnt-by: STORMCLOUD-MNT created: 2026-02-21T21:02:21Z last-modified: 2026-02-22T01:23:53Z source: RIPE # Filtered route: 176.65.139.0/24 origin: AS214472 created: 2026-03-18T17:56:01Z last-modified: 2026-03-18T17:56:01Z source: RIPE mnt-by: MNT-ZEXOTEK route: 176.65.139.0/24 origin: AS51396 created: 2026-01-28T13:15:05Z last-modified: 2026-01-28T13:15:05Z source: RIPE mnt-by: MNT-ZEXOTEK
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-19/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 2 days ago
Appeared in 20 threat reports