IP · Medium · Signal 83/100
176.65.148.173
Location
Eygelshoven, Bavaria
ASN
AS51396
Pfcloud UG
First Seen
May 4, 2025
Last Seen
Jun 18, 2026
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Network Information
Country: Germany
Region: Eygelshoven, Bavaria
ASN: AS51396
Organization: Pfcloud UG
IP Category: Proxy (proxy server)
Feed Intelligence Summary
21 source reports · 83% confidence score
Category tags:
Tags are the union of labels attached by all 21 source reports. They include honeypot sensor names (cowrie, dionaea, honeytrap, mailoney, tanner, sentrypeer and other T-Pot sensors), the geography of reporting sensors, feed and list names, and malware families seen by individual reporters, so no single tag should be read as a confirmed attribute of this address.

abuse · abusech-threatfox-c2c · abusech-urlhaus-c2c · access control · account brute force · account compromise · account security · active scan · active scanning · adbhoney honeypot · administrative access · anomalous network connections · arc · arm · ascii · asia · attack · attack attempt · attack preparatory · australia · authentication attacks · automated activity · automated attack · automated attacks · automated threats · automated-attack · bad reputation · bad web bot · base64-loader · blacklisted ips · block list · block.txt · botnet · botnet activity · brute force · brute force attack · brute force attacker · brute force attacks · brute force attempt · brute force attempts · brute-force · brute_force · c2 · c2 communication · canada · cert · china mobile · cisco device · cisco exploitation attempts · cloud environment · cloud infrastructure · cloud infrastructure attack · cloud provider · cloud services · cloud_infrastructure · code execution · columns · command & control · command and control · command execution · command injection · command injection attempt · common credential attempts · communication protocol · company limited · compromised host · compromised hosts · compromised system · compromised systems · conpot honeypot · container security · cowrie · cowrie attacks · cowrie honeypot · cowrie interactions · cowrie ssh attack · cowrie ssh attacks · credential access · credential attack · credential brute-forcing · credential compromise · credential guessing · credential harvesting · credential stuffing · curl · daily_sources · data encryption · data exfiltration · data exfiltration attempt · data store exposure · database attack · database attacks · database login attempt · database security · dcerpc · ddos · ddos attack · ddos attack indicators · ddos attacks · ddos probe · ddospot · de · decoy system · denial of service · denial-of-service attempt · device management · dictionary attack · digital ocean · digitalocean environment · dionaea · dionaea activity · dionaea attacks · dionaea honeypot · dionaea interactions · dionaea malware samples · dionaea payloads · directory traversal attempt · distributed attacks · dns · dns attack · docker · dropped-by-amadey · dropped-by-gcleaner · elasticpot honeypot · elasticsearch · elasticsearch monitoring · elf · encoded · encryption · enterprise networking · enumeration · enumeration activities · europe · europe/asia · exe · executable file · exfiltration · exploit · exploit attempt · exploit attempts · exploit kit activity · exploit probing · exploit targeting · exploitation activity · exploitation attempt · exploitation attempts · exploitation of vulnerabilities · exploitation of vulnerability · exploited host · external threat · external-scanning · external_threat · extortion · failed login attempts · fatt · fatt analysis · fatt detections · fatt signatures · file · finland · france · ftp · ftp attack · ftp attacks · ftp brute force · gafgyt · galah · germany · glutton · gopot · guloader · hacking · hajime · hellpot · hk abuse · handler · honeynet connect · honeytrap activity · honeytrap events · honeytrap exploit attempts · honeytrap honeypot · honeytrap interactions · hong kong · hta · http attack · http brute force · http probing · http request anomalies · http scanner · http scanning · https · hurricane us · icmp · ics security · identity & access exploitation · imap · indicator · industrial control systems · infected hosts · information gathering · infostealer · initial access · initial access vector · initial_access_attempt · injection activity · injection attacks · internet background noise · internet of things · internet-facing service · internet-wide scan · internet_scanners · intrusion detection · ioc · iocs · iot botnet · iot security · iot/ics attack · ipphoney honeypot · ipv4 · ipv4 activity · ipv4_activity · ipv4_address · iso · kibana · lamp · lamp attack · lamp exploitation attempts · lateral movement · linux systems · linux_server_attacks · lodarat · log4pot · login attack · login attempt · lua · m68k · mailoney activity · mailoney attacks · mailoney events · mailoney honeypot · mailoney interactions · malicious activity · malicious activity detected · malicious domains · malicious file transfer · malicious ip · malicious ip activity · malicious network activity · malicious software · malicious traffic · malicious urls · malware · malware activity · malware analysis · malware behaviour · malware c2 · malware capture · malware delivery · malware delivery attempt · malware distribution · malware download · malware infection · malware propagation · malware_activity · medpot · mips · mirai · mirai botnet · mozi · msi · mssql · netherlands · network · network attacks · network discovery · network enumeration · network infrastructure · network intrusion · network intrusion attempt · network intrusion attempts · network intrusion detection · network probing · network protocol · network reconnaissance · network scanning · network security · network traffic · network traffic analysis · network-reconnaissance · network_discovery · network_scanning · new caledonia · nl · north america · oceania · opendir · operating system · operating system security · p0f · p0f fingerprinting · p0f network fingerprinting · p0f os fingerprinting · p0f passive fingerprinting · p0f signatures · password attack · password attacks · password spraying · pgp sign · phantomgate · phantomstealer · phishing · phishing attack · phishing trapping of death · poland · portscan · possible botnet activity · possible malware distribution · potential vulnerability scan · powerpc · powershell · privilege escalation · process injection · protocol exploitation · proxy · proxy access · ps1 · purerat · ransomware · ransomware activity · rat · reconnaissance · reconnaissance activity · redis honeypot · remcosrat · remote access · remote access attack · remote code execution · remote services · researched · resource hijacking · rev-base64-loader · rmm · rustystealer · saint helena, ascension and tristan da cunha · santastealer · scams & fraud · scan · scanner · scanner ips · scanners · scanning activity · scripting attacks · security operations · security policy · sensor-tagged · sentrypeer activity · sentrypeer botnet · sentrypeer events · sentrypeer interactions · server exploitation · service enumeration · service scan · sftp attack · sftp attacks · shell access · shell access attempt · shell command · sip attacks · sip brute force · sip vulnerability scan · sipp · smartloader · smb brute force · smtp · smtp attack · smtp attacks · smtp brute force · smtp probing · smtp scanning · snare · social engineering · socradar honeypot · software exploitation · spam · sparc · sql injection · sql injection attempt · sql injection attempts · ssh · ssh attack · ssh attacks · ssh monitoring · stealer · superh · suricata alert · suricata alerts · system disruption

MITRE ATT&CK technique IDs carried as tags (several, such as t1065, t1076, t1077 and t1088, are deprecated or revoked in current ATT&CK and point to older feed mappings):
t1005 · t1016 · t1016.001 · t1016.002 · t1018 · t1020 · t1021 · t1021.001 · t1021.002 · t1021.003 · t1021.004 · t1021.005 · t1021.006 · t1021.007 · t1027 · t1040 · t1041 · t1046 · t1047 · t1048 · t1053 · t1055 · t1056 · t1057 · t1059 · t1059.001 · t1059.003 · t1059.004 · t1059.007 · t1065 · t1068 · t1069.001 · t1071 · t1071.001 · t1076 · t1077 · t1078 · t1078.001 · t1078.002 · t1078.004 · t1083 · t1087 · t1088 · t1105 · t1110 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1133 · t1187 · t1189 · t1190 · t1195 · t1203 · t1204 · t1204.002 · t1210 · t1486 · t1490 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1505 · t1505.002 · t1550 · t1550.002 · t1550.003 · t1555 · t1562 · t1563 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1566.004 · t1572 · t1573 · t1583 · t1588 · t1588.002 · t1588.006 · t1589 · t1590 · t1590.004 · t1590.005 · t1592 · t1595 · t1595.001 · t1595.002 · t1595.003

Remaining tags:
tanner · tanner activity · tanner events · tanner exploits · tanner interactions · targeting database · tcp · tcp protocol · tcp scan · tcp-scanning · telecommunications · telnet · telnet threat · threat actor · threat actor activity · threat detection · threat feed · threat intelligence · threat prevention · threat_intelligence · timeout · top10.txt · topips.txt · tor node · toronto · tpot · turkey · ua-mshta · ua-wget · udp scan · udp-scanning · unauthorized access · unauthorized access attempt · unauthorized access attempts · unauthorized login attempt · united states · unknown threat actor · us abuse · us none · vidar · vip keylogger · vnc protocol · voip · voip attack · voip systems · vulnerability scan · vulnerability-exploitation · vultr · web application attack · web application attacks · web application scanning · web attack · web exploitation · web login attempt · web server attacks · web servers · web shell · web shell attempt · web shell detection · web shell upload · web spam · web traffic · web_attack · wget · wordpot · x86 · x86-32 · x86-64 · xworm · zigclipper · zip
Activity Timeline
Peak activity day: 2026-06-18
Reports by window: last 24h: 0 (dormant) · last 7d: 1 (minimal) · last 30d: 1 (minimal) · last 3 months: 1 (minimal)
Only one of the 21 reports falls inside the last three months; the rest are older sightings from the May 2025 onward span.
Threat Score: 83 · High Risk
Signal score: 83 · Confidence: 83% · Reports: 21
First seen: May 4, 2025 · Last seen: Jun 18, 2026
Geolocation: DE · Country: Germany · Location: Eygelshoven, Bavaria · Coords: 48.6242, 13.6687
ASN: AS51396 · Org: Pfcloud UG · Category: Proxy
Note: the location fields do not agree with each other. Eygelshoven is a town in Dutch Limburg, not Bavaria, while the coordinates fall in eastern Bavaria near Hauzenberg, the address in the RIPE organisation record. Geolocation of cloud-hosted addresses is low fidelity; rely on the ASN and the WHOIS range rather than the city label.
VirusTotal
Not checked
WHOIS
- description: ip:port combination that is used for botnet Command&Control (C&C)
- raw (RIPE objects, reflowed from the page's single-line dump):
inetnum: 176.65.148.0 - 176.65.148.255
netname: PF-CLOUD-NET-1
country: DE
org: ORG-PU39-RIPE
admin-c: AA42303-RIPE
tech-c: AA42303-RIPE
status: ASSIGNED PA
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:19:59Z
last-modified: 2025-04-09T16:10:10Z
source: RIPE

organisation: ORG-PU39-RIPE
org-type: OTHER
org-name: Pfcloud UG
address: Lilienstraße 5
address: 94051 Hauzenberg
country: DE
abuse-c: AA42303-RIPE
mnt-ref: MNT-NETERRA
mnt-ref: pfcloud-mnt
mnt-ref: WHITELABEL-MNT
mnt-ref: DGTL-MNT
mnt-ref: LV-VERNET-HM-MNT
mnt-ref: lir-ae-royal-1-MNT
mnt-ref: mnt-de-xsserver-1
mnt-ref: Mnt-zexotek
mnt-by: pfcloud-mnt
created: 2023-11-26T15:29:32Z
last-modified: 2025-04-09T11:06:56Z
source: RIPE # Filtered

role: Admin
address: Lilienstraße 5, 94051 Hauzenberg
abuse-mailbox: [email protected]
nic-hdl: AA42303-RIPE
mnt-by: pfcloud-mnt
created: 2023-11-26T15:27:29Z
last-modified: 2024-02-08T20:37:11Z
source: RIPE # Filtered

route: 176.65.148.0/24
origin: AS51396
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:22:39Z
last-modified: 2025-04-09T07:22:39Z
source: RIPE

Both the inetnum and the route object were created on 2025-04-09, less than a month before this address was first reported on May 4, 2025.
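The check a practitioner wants before trusting the ASN and organisation shown above is to parse the registry record itself and confirm that the address really falls inside the listed inetnum and route objects, and that the abuse contact resolves. The following Python is an added example, not the page's or the feed's own tooling; WHOIS_RAW is a constructed, trimmed copy of the RIPE record above (repeated mnt-ref lines dropped, the redacted abuse mailbox kept as-is), and the function names are this example's own.

```python
"""Verify an IP indicator against the RIPE WHOIS objects shown on the page.

Added example, not part of the page or its feed tooling. WHOIS_RAW is a
constructed, trimmed copy of the page's record (repeated mnt-ref lines
dropped, redacted abuse mailbox kept as-is).
"""
import ipaddress
import re

WHOIS_RAW = """\
inetnum:        176.65.148.0 - 176.65.148.255
netname:        PF-CLOUD-NET-1
country:        DE
org:            ORG-PU39-RIPE
admin-c:        AA42303-RIPE
tech-c:         AA42303-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-ZEXOTEK
created:        2025-04-09T07:19:59Z
source:         RIPE

organisation:   ORG-PU39-RIPE
org-type:       OTHER
org-name:       Pfcloud UG
address:        Lilienstraße 5
address:        94051 Hauzenberg
country:        DE
abuse-c:        AA42303-RIPE
source:         RIPE # Filtered

role:           Admin
abuse-mailbox:  [email protected]
nic-hdl:        AA42303-RIPE
source:         RIPE # Filtered

route:          176.65.148.0/24
origin:         AS51396
mnt-by:         MNT-ZEXOTEK
source:         RIPE
"""


def parse_whois(text):
    """Split an RPSL dump into objects.

    Each object is a dict key -> list of values (keys such as address or
    mnt-ref repeat). Trailing '# comments' are stripped. Dict insertion
    order is preserved, so the first key of each object is its class.
    """
    objects = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, value = line.split(":", 1)
            value = value.split("#", 1)[0].strip()
            attrs.setdefault(key.strip(), []).append(value)
        if attrs:
            objects.append(attrs)
    return objects


def first(obj, key):
    """First value of an attribute, or None when the object lacks it."""
    return obj.get(key, [None])[0]


def verify_ip(ip_str, objects, expected_asn=None):
    """Check ip_str against the inetnum and route objects and resolve the
    org and abuse contact through org -> organisation -> abuse-c -> role.
    Returns a dict the caller can assert on before trusting the IOC."""
    ip = ipaddress.ip_address(ip_str)
    by_handle = {}
    for obj in objects:
        for key in ("organisation", "nic-hdl"):
            if key in obj:
                by_handle[first(obj, key)] = obj
    report = {"ip": ip_str, "in_inetnum": False, "in_route": False,
              "origin": None, "org_name": None, "abuse_mailbox": None,
              "asn_matches": None}
    for obj in objects:
        cls = next(iter(obj))
        if cls == "inetnum":  # IPv4 ranges are 'start - end'; inet6num uses a prefix instead
            lo, hi = (ipaddress.ip_address(p.strip()) for p in first(obj, "inetnum").split("-"))
            if lo <= ip <= hi:
                report["in_inetnum"] = True
                report["inetnum"] = first(obj, "inetnum")
                org = by_handle.get(first(obj, "org"), {})
                report["org_name"] = first(org, "org-name")
                abuse = by_handle.get(first(org, "abuse-c"), {})
                report["abuse_mailbox"] = first(abuse, "abuse-mailbox")
        elif cls == "route":
            net = ipaddress.ip_network(first(obj, "route"), strict=False)
            if ip in net:
                report["in_route"] = True
                report["route"] = str(net)
                report["origin"] = first(obj, "origin")
    if expected_asn and report["origin"]:
        report["asn_matches"] = report["origin"].upper() == expected_asn.upper()
    return report


if __name__ == "__main__":
    print(verify_ip("176.65.148.173", parse_whois(WHOIS_RAW), expected_asn="AS51396"))
```

Run against the record above, the report confirms the address sits in 176.65.148.0/24 originated by AS51396 and that the abuse contact chain resolves; an address one /24 over (176.65.149.1) matches neither object, which is the signal to re-query the registry rather than reuse a cached record.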
Export & API: STIX 2.1 bundle · CSV export · permalink
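A STIX 2.1 export of this page's fields is the natural hand-off to a TIP or blocklist pipeline, and it is also where the "verify before acting" caveat belongs: an indicator with a validity window expires on its own, whereas a bare IP in a block list does not. The Python below is an added example and not the page's own exporter; the object layout follows the STIX 2.1 Indicator and Bundle objects, the 30-day TTL used to derive valid_until from the last sighting is an assumption, the labels are picked from the page's tags, and the function names are this example's own.

```python
"""Export the page's IP indicator as a STIX 2.1 bundle and check its currency.

Added example, not the page's own exporter. Object layout follows STIX 2.1;
the 30-day TTL that derives valid_until from the last sighting is an
assumption, and the labels are chosen from the page's category tags.
"""
import ipaddress
import json
import uuid
from datetime import datetime, timedelta, timezone

STIX_TS = "%Y-%m-%dT%H:%M:%S.000Z"  # STIX timestamps are UTC, here at millisecond precision


def utc(year, month, day):
    """Timezone-aware UTC midnight; keeps callers free of datetime plumbing."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def _ts(dt):
    return dt.astimezone(timezone.utc).strftime(STIX_TS)


def build_bundle(ip, first_seen, last_seen, confidence, labels, ttl_days=30, now=None):
    """Return a STIX 2.1 bundle (plain dict) holding one Indicator for an IPv4 address.

    valid_from is the first sighting and valid_until is last sighting + TTL,
    so the IOC ages out of a block list once reporting stops. The IP is
    validated before it is interpolated into the pattern, so a crafted value
    cannot change the pattern's meaning.
    """
    ip = str(ipaddress.IPv4Address(ip))  # raises ValueError on anything but a valid IPv4
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be between 0 and 100")
    now = now or datetime.now(timezone.utc)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": _ts(now),
        "modified": _ts(now),
        "name": f"Malicious IPv4 address {ip}",
        "description": "IPv4 indicator exported from a threat-feed aggregation page",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": _ts(first_seen),
        "valid_until": _ts(last_seen + timedelta(days=ttl_days)),
        "confidence": confidence,
        "labels": list(labels),
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


def indicator_is_current(bundle, when):
    """True if the bundle's indicator is inside its validity window at `when`.
    Automated blocking should be gated on this, not on the score alone."""
    ind = next(o for o in bundle["objects"] if o["type"] == "indicator")
    valid_from = datetime.strptime(ind["valid_from"], STIX_TS).replace(tzinfo=timezone.utc)
    valid_until = datetime.strptime(ind["valid_until"], STIX_TS).replace(tzinfo=timezone.utc)
    return valid_from <= when < valid_until


if __name__ == "__main__":
    bundle = build_bundle("176.65.148.173", utc(2025, 5, 4), utc(2026, 6, 18), 83,
                          ["proxy", "botnet", "brute-force", "c2"])
    print(json.dumps(bundle, indent=2))
    print("current on 2026-06-22:", indicator_is_current(bundle, utc(2026, 6, 22)))
```

With the page's first and last seen dates and the assumed 30-day TTL, the indicator is current on 2026-06-22 and expires on 2026-07-18; a consumer that re-imports the feed will pick up a later valid_until only if the address is reported again.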
IOC Journey
Confidence: medium · First detected 1 year ago (May 4, 2025) · Last seen 4 days ago (Jun 18, 2026) · Appeared in 21 threat reports