IP · Medium · Signal 38/100
176.65.148.10
Location
Eygelshoven, Limburg
ASN
AS51396
Pfcloud UG
First Seen
Apr 14, 2025
Last Seen
Jun 20, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: Germany
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: Pfcloud UG
Feed Intelligence Summary
Source reports: 29
Confidence score: 38%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-20
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 29
First seen: Apr 14, 2025
Last seen: Jun 20, 2026
Geolocation: DE
Country: Germany
Location: Eygelshoven, Limburg
ASN: AS51396
Org: Pfcloud UG
Coords: 51.2993, 9.4910
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 176.65.148.0 - 176.65.148.255
  netname: PF-CLOUD-NET-1
  country: DE
  org: ORG-PU39-RIPE
  admin-c: AA42303-RIPE
  tech-c: AA42303-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-ZEXOTEK
  created: 2025-04-09T07:19:59Z
  last-modified: 2025-04-09T16:10:10Z
  source: RIPE

  organisation: ORG-PU39-RIPE
  org-type: OTHER
  org-name: Pfcloud UG
  address: Lilienstraße 5
  address: 94051 Hauzenberg
  country: DE
  abuse-c: AA42303-RIPE
  mnt-ref: MNT-NETERRA
  mnt-ref: pfcloud-mnt
  mnt-ref: WHITELABEL-MNT
  mnt-ref: DGTL-MNT
  mnt-ref: LV-VERNET-HM-MNT
  mnt-ref: lir-ae-royal-1-MNT
  mnt-ref: mnt-de-xsserver-1
  mnt-ref: Mnt-zexotek
  mnt-by: pfcloud-mnt
  created: 2023-11-26T15:29:32Z
  last-modified: 2025-04-09T11:06:56Z
  source: RIPE # Filtered

  role: Admin
  address: Lilienstraße 5, 94051 Hauzenberg
  abuse-mailbox: [email protected]
  nic-hdl: AA42303-RIPE
  mnt-by: pfcloud-mnt
  created: 2023-11-26T15:27:29Z
  last-modified: 2024-02-08T20:37:11Z
  source: RIPE # Filtered

  route: 176.65.148.0/24
  origin: AS51396
  mnt-by: MNT-ZEXOTEK
  created: 2025-04-09T07:22:39Z
  last-modified: 2025-04-09T07:22:39Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://purplesynapz.com/, https://redpiranha.net, Annex A - Notable Cyber Threat Indicators by Key FIs Apr - May 2025.csv
IOC Journey
Medium · First detected 1 year ago · Last seen 4 days ago
Appeared in 29 threat reports