IOC Radar
IP · Medium · Signal 89/100

176.65.139.7

Location: Eygelshoven, Limburg, Netherlands
ASN: AS214472 (Storm Industries)
First Seen: Jan 29, 2026 (147d ago)
Last Seen: Jun 19, 2026 (7d ago)
Reports: 25 source reports
Confidence: 89% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 89%
Signal Score: 89 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

47 techniques

Network Information

Country: NL (Netherlands)
Region: Eygelshoven, Limburg
ASN: AS214472
Organization: Storm Industries

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 25
Confidence score: 89%
Category tags

Activity Timeline

1 total obs · Jun 19

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 89
Confidence: 89%
Reports: 25
First seen: Jan 29, 2026
Last seen: Jun 19, 2026
Geolocation: NL
Country: Netherlands
Location: Eygelshoven, Limburg
ASN: AS214472
Org: Storm Industries
Coords: 50.8933, 6.0580
IP Category: Proxy

VirusTotal

Not checked

WHOIS

description
ip:port combination that is used for botnet Command&control (C&C)
raw
inetnum: 176.65.139.0 - 176.65.139.255
netname: PFCLOUD-NET
org: ORG-SI335-RIPE
country: NL
admin-c: SNO38-RIPE
tech-c: SNO38-RIPE
status: ASSIGNED PA
created: 2026-01-28T13:14:37Z
last-modified: 2026-02-23T13:52:04Z
source: RIPE
mnt-by: MNT-ZEXOTEK

organisation: ORG-SI335-RIPE
org-name: Storm Industries
org-type: OTHER
address: United Kingdom, Aberdare
mnt-ref: MNT-ZEXOTEK
abuse-c: ACRO63650-RIPE
mnt-ref: STORMINDUSTRIES-MNT
created: 2026-02-21T21:08:51Z
last-modified: 2026-02-22T13:44:07Z
source: RIPE # Filtered
mnt-by: STORMINDUSTRIES-MNT

role: StormCloud Network Operations
address: United Kingdoms, Aberdare
abuse-mailbox: [email protected]
nic-hdl: SNO38-RIPE
mnt-by: STORMCLOUD-MNT
created: 2026-02-21T21:02:21Z
last-modified: 2026-02-22T01:23:53Z
source: RIPE # Filtered

route: 176.65.139.0/24
origin: AS214472
created: 2026-03-18T17:56:01Z
last-modified: 2026-03-18T17:56:01Z
source: RIPE
mnt-by: MNT-ZEXOTEK

route: 176.65.139.0/24
origin: AS51396
created: 2026-01-28T13:15:05Z
last-modified: 2026-01-28T13:15:05Z
source: RIPE
mnt-by: MNT-ZEXOTEK

IOC Journey

medium
First detected 4 months ago · Last seen 7 days ago
Appeared in 25 threat reports