IOC Radar
IP · Medium · Signal 77/100

176.65.149.23

Location
Germany
Eygelshoven, Bavaria
ASN
AS51396
Pfcloud UG
First Seen
May 3, 2025 (407d ago)
Last Seen
Jun 5, 2026 (10d ago)
19
Reports
source reports
77%
Confidence
medium
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

36 techniques

Network Information

Country: DE, Germany
Region: Eygelshoven, Bavaria
ASN: AS51396
Organization: Pfcloud UG

Feed Intelligence Summary

19 source reports · 77% confidence score
Category tags
abuseabusech-urlhaus-c2cactive scanactive scanningaptarmasciiaustraliabad reputationbad web botblackmatterbotnetbotnet activitybotnetdomainbrute forcebrute force attackbrute force attackerbrute force attacksbrute-forcec2c2 frameworkcnccommand & controlcommand and controlcommunication protocolcompromised hostscowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcredential theftdata exfiltrationdata store exposureddosddos attackddos attacksddosagentdedecoy systemdenial of servicedionaeadionaea honeypotdistributed attacksdropped-by-amadeydropped-by-phorpiexelfeuropeexeexecutable fileexploitexploitation activityexploited hostfattftpgagolgermanyhackinghoneytrap honeypothttp scanneridentity & access exploitationinbound scanindicatorinfected systemsingress tool transferinjection activityinternet of thingsiot botnetiot securityiot/ics attackmailoney honeypotmalicious activitymalicious ipsmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmalware urlmalware url analysismeowmeowarm64mipsmiraimirai botnetmozinetherlandsnetworknetwork intrusion attemptsnetwork scanningnetwork securitynetwork trafficnloceaniap0fparaguaypassword attacksphishingphishing attackphishing campaignphishing trappolcertportscanpowershellprocess injectionprotocol exploitationps1pythonransomwarereconnaissanceremote accessremote servicesremusstealerresearchedresource hijackingscams & fraudscannerscannerssensor-taggedsentrypeer botnetservice scanshsha valuessliversmtpsocial engineeringspamspynotesshssh attackssh monitoringsubmit datet1021t1021.001t1040t1041t1053t1055t1059t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204t1486t1496t1499.001t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1573t1595t1595.001t1595.002t1595.003tagstannertelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetortor nodetpottrojan malwareua-wgetvalleyratvoipvoip attackvulnerability 
scanvulnerability-exploitationvultrweb app attackweb application attackweb exploitationweb traffic

Activity Timeline

1 total obs
Jun 5 to Jun 5

Threat Activity Heatmap

Peak: 2026-06-05
[Heatmap: activity per day, rows Mon/Wed/Fri, columns Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 19
First seen: May 3, 2025
Last seen: Jun 5, 2026
Geolocation: DE
Country: Germany
Location: Eygelshoven, Bavaria
ASN: AS51396
Org: Pfcloud UG
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=NL; ports=61616,61617 Location=Sydney, Australia.
raw
inetnum: 176.65.149.0 - 176.65.149.255
netname: PFCLOUD-NET-2
country: DE
org: ORG-PU39-RIPE
admin-c: AA42303-RIPE
tech-c: AA42303-RIPE
status: ASSIGNED PA
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:20:40Z
last-modified: 2025-04-09T16:10:43Z
source: RIPE

organisation: ORG-PU39-RIPE
org-type: OTHER
org-name: Pfcloud UG
address: Lilienstraße 5
address: 94051 Hauzenberg
country: DE
abuse-c: AA42303-RIPE
mnt-ref: MNT-NETERRA
mnt-ref: pfcloud-mnt
mnt-ref: WHITELABEL-MNT
mnt-ref: DGTL-MNT
mnt-ref: LV-VERNET-HM-MNT
mnt-ref: lir-ae-royal-1-MNT
mnt-ref: mnt-de-xsserver-1
mnt-ref: Mnt-zexotek
mnt-by: pfcloud-mnt
created: 2023-11-26T15:29:32Z
last-modified: 2025-04-09T11:06:56Z
source: RIPE # Filtered

role: Admin
address: Lilienstraße 5, 94051 Hauzenberg
abuse-mailbox: [email protected]
nic-hdl: AA42303-RIPE
mnt-by: pfcloud-mnt
created: 2023-11-26T15:27:29Z
last-modified: 2024-02-08T20:37:11Z
source: RIPE # Filtered

route: 176.65.149.0/24
origin: AS51396
mnt-by: MNT-ZEXOTEK
created: 2025-04-09T07:23:07Z
last-modified: 2025-04-09T07:23:07Z
source: RIPE
references
https://any.run/malware-trends/, https://urlhaus.abuse.ch/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 19 threat reports