IPMediumSignal 43/100
176.65.148.228
Location
GermanyEygelshoven, Rheinland-Pfalz
ASN
AS51396
Pfcloud UG
First Seen
Apr 21, 2025
Last Seen
Jun 22, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryGermany
GermanyRegionEygelshoven, Rheinland-Pfalz
ASNAS51396
OrganizationPfcloud UG
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
12 reports43% confidence
12
Source reports
43%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningattackaustraliaautomated attackautomated enumerationautomated reconnaissance activitybad reputationbad web botblacklist ipbotnetbotnet activitybrute forcebrute force attackbrute-forceclosecommand and controlcommunication protocolcompromised credentialscowrie honeypotcredential accesscredential stuffingdata exfiltrationdata harvesting attemptsdata store exposureddosddos attackddos attacksdecoy systemdenial of servicedistributed attackseuropeexploit attemptsexploitationexploitation activityexploited hostftp brute forcegeckogermanyhackinghellohttp brute forcehttp scanneridentity & access exploitationindicatorinitial accessinjection activityintel macinternet of thingsintrusion detectioniot botnetiot securityiot/ics attackkhtmllateral movementlinux x8664malicious activitymalicious scanmalicious softwaremalwaremalware propagationmalware scanningmirai botnetmobilemobile securitynetherlandsnetworknetwork attacksnetwork probingnetwork scanningnetwork securitynetwork service scanningnloceaniaos fingerprintingos xpassword attacksprocess injectionproxyproxy protocolransomwarereconnaissancereconnaissance activityremote accessremote servicesresearchedscanscannerscanner detectionscanning activitysecurity policyservice scansftp attackshell access attemptssipsmtp brute forcespamsql injection attemptssshssh attackssh monitoringt1016t1021t1021.001t1021.004t1021.005t1040t1041t1046t1055t1059t1059.004t1064t1071.001t1076t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1565t1588t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocolthreat actorthreat intelligencethreat preventiontor nodetpotceubuntuunusual network trafficweb app attackweb application attackweb crawling detectionweb exploitationweb spamweb trafficwindows nt
Activity Timeline
Jun 22Jun 22
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
43
SIGNAL
Signal Score
43%
Confidence
12
Reports
First seenApr 21, 2025
Last seenJun 22, 2026
GeolocationDE
CountryGermany
LocationEygelshoven, Rheinland-Pfalz
ASNAS51396
OrgPfcloud UG
Coords49.1108, 8.1866
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPV4 hosts detected performing scans on production environment located in Australia.
- raw
- inetnum: 176.65.148.0 - 176.65.148.255 netname: PF-CLOUD-NET-1 country: DE org: ORG-PU39-RIPE admin-c: AA42303-RIPE tech-c: AA42303-RIPE status: ASSIGNED PA mnt-by: MNT-ZEXOTEK created: 2025-04-09T07:19:59Z last-modified: 2025-04-09T16:10:10Z source: RIPE organisation: ORG-PU39-RIPE org-type: OTHER org-name: Pfcloud UG address: Lilienstra�e 5 address: 94051 Hauzenberg country: DE abuse-c: AA42303-RIPE mnt-ref: MNT-NETERRA mnt-ref: pfcloud-mnt mnt-ref: WHITELABEL-MNT mnt-ref: DGTL-MNT mnt-ref: LV-VERNET-HM-MNT mnt-ref: lir-ae-royal-1-MNT mnt-ref: mnt-de-xsserver-1 mnt-ref: Mnt-zexotek mnt-by: pfcloud-mnt created: 2023-11-26T15:29:32Z last-modified: 2025-04-09T11:06:56Z source: RIPE # Filtered role: Admin address: Lilienstra�e 5, 94051 Hauzenberg abuse-mailbox: [email protected] nic-hdl: AA42303-RIPE mnt-by: pfcloud-mnt created: 2023-11-26T15:27:29Z last-modified: 2024-02-08T20:37:11Z source: RIPE # Filtered route: 176.65.148.0/24 origin: AS51396 mnt-by: MNT-ZEXOTEK created: 2025-04-09T07:22:39Z last-modified: 2025-04-09T07:22:39Z source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 3 days ago
Appeared in 12 threat reports