IOC Radar
IP · Medium · Signal 73/100

176.65.148.142

Location
Germany
Eygelshoven, Limburg
ASN
AS51396
Pfcloud UG
First Seen
May 4, 2025
Last Seen
Jun 22, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

1 technique

Network Information

Country: DE (Germany)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: Pfcloud UG

Feed Intelligence Summary

Source reports: 9
Confidence score: 73%
Category tags: abuse, active scan, bad reputation, bad web bot, botnet activity, brute force, brute force attacker, brute-force, cowrie, ddos, ddos attack, de, digital ocean, dionaea, europe, exploit, exploitation activity, exploited host, fatt, finland, france, germany, hacking, inbound scan, indicator, monthly, netherlands, network, nl, north america, p0f, phishing, ping of death, poland, portscan, researched, scanner, scanners, sensor-tagged, service scan, ssh, t1595, tanner, tpot, united states, vulnerability scan, vulnerability-exploitation, vultr, web app attack

Activity Timeline

1 total obs (Jun 22)

Threat Activity Heatmap

Peak: 2026-06-22
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (Signal Score 73)
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 176.65.148.142 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level1, firehol_level2); AbuseIPDB (brute-force, critical, exploited-host).
raw
inetnum: 176.65.148.0 - 176.65.148.255
netname: PF-CLOUD-NET-1
country: NL
org: ORG-PU39-RIPE
admin-c: AA42303-RIPE
tech-c: AA42303-RIPE
geofeed: https://api.geofeed.space/pfcloud/geofeed.txt
status: ASSIGNED PA
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:19:59Z
last-modified: 2025-09-08T10:51:36Z
source: RIPE

organisation: ORG-PU39-RIPE
org-type: OTHER
org-name: Pfcloud UG
address: Lilienstraße 5
address: 94051 Hauzenberg
country: DE
abuse-c: AA42303-RIPE
mnt-ref: pfcloud-mnt
mnt-ref: gold-mnt
mnt-ref: lir-ae-goldip-1-mnt
mnt-ref: mnt-de-xsserver-1
mnt-ref: Mnt-zexotek
mnt-by: pfcloud-mnt
created: 2023-11-26T15:29:32Z
last-modified: 2026-02-21T19:59:51Z
source: RIPE # Filtered

role: Admin
address: Lilienstraße 5, 94051 Hauzenberg
remarks: -------------------------------------------------------------------------------
remarks: For all operational or administrative inquiries, please contact [email protected]
remarks: Do not send abuse reports to this address.
remarks: -------------------------------------------------------------------------------
remarks: Auskunftsersuchen / Information Requests should only be sent to the following email:
remarks: [email protected]
remarks: -------------------------------------------------------------------------------
abuse-mailbox: [email protected]
nic-hdl: AA42303-RIPE
mnt-by: pfcloud-mnt
created: 2023-11-26T15:27:29Z
last-modified: 2025-11-17T20:55:52Z
source: RIPE # Filtered

route: 176.65.148.0/24
origin: AS51396
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:22:39Z
last-modified: 2025-04-09T07:22:39Z
source: RIPE
references
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-05-12/, https://jamesbrine.com.au

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 9 threat reports