IOC Radar
IP · Medium · Signal 84/100

176.65.139.8

Location
United Kingdom
Eygelshoven, Limburg
ASN
AS214472
Storm Industries
First Seen
Sep 30, 2025
Last Seen
Jun 5, 2026
First Seen: Sep 30 (264d ago)
Last Seen: Jun 5 (16d ago)
Reports: 31 source reports
Confidence: 84% (medium)
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

52 techniques

Network Information

Country: United Kingdom (GB)
Region: Eygelshoven, Limburg
ASN: AS214472
Organization: Storm Industries

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 31
Confidence score: 84%
Category tags

Activity Timeline

1 total obs (Jun 5)

Threat Activity Heatmap

Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 31
First seen: Sep 30, 2025
Last seen: Jun 5, 2026
Geolocation: GB
Country: United Kingdom
Location: Eygelshoven, Limburg
ASN: AS214472
Org: Storm Industries
Coords: 51.2993, 9.4910
Proxy

VirusTotal

Not checked

WHOIS

description
ip:port combination that is used for botnet Command&control (C&C)
raw
inetnum: 176.65.139.0 - 176.65.139.255
netname: PFCLOUD-NET
org: ORG-SI335-RIPE
country: NL
admin-c: SNO38-RIPE
tech-c: SNO38-RIPE
status: ASSIGNED PA
created: 2026-01-28T13:14:37Z
last-modified: 2026-02-23T13:52:04Z
source: RIPE
mnt-by: MNT-ZEXOTEK

organisation: ORG-SI335-RIPE
org-name: Storm Industries
org-type: OTHER
address: United Kingdom, Aberdare
mnt-ref: MNT-ZEXOTEK
abuse-c: ACRO63650-RIPE
mnt-ref: STORMINDUSTRIES-MNT
created: 2026-02-21T21:08:51Z
last-modified: 2026-02-22T13:44:07Z
source: RIPE # Filtered
mnt-by: STORMINDUSTRIES-MNT

role: StormCloud Network Operations
address: United Kingdoms, Aberdare
abuse-mailbox: [email protected]
nic-hdl: SNO38-RIPE
mnt-by: STORMCLOUD-MNT
created: 2026-02-21T21:02:21Z
last-modified: 2026-02-22T01:23:53Z
source: RIPE # Filtered

route: 176.65.139.0/24
origin: AS214472
created: 2026-03-18T17:56:01Z
last-modified: 2026-03-18T17:56:01Z
source: RIPE
mnt-by: MNT-ZEXOTEK

route: 176.65.139.0/24
origin: AS51396
created: 2026-01-28T13:15:05Z
last-modified: 2026-01-28T13:15:05Z
source: RIPE
mnt-by: MNT-ZEXOTEK
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-25/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-25/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-25/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-25/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-25/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-24/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-23/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-22/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-22/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-22/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-22/, https://urlhaus.abuse.ch/browse/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-02-24/, 
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-02-24/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-02-23/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-23/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-23/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-02-23/

IOC Journey

medium
First detected 8 months ago · Last seen 16 days ago
Appeared in 31 threat reports