Check an IP Address, Domain Name, Subnet, or ASN

176.65.132.7 was found in our database!

$ whois 176.65.132.7

country·🇩🇪 Germany

isp·Pfcloud UG (haftungsbeschrankt)

asn·AS51396

network·Standard

$ sikker risk 176.65.132.7scoring →

confidence

97%Very High

first_seen·Feb 21, 2026

last_seen·15d ago

first_reported·Mar 3, 2026

last_reported·15d ago

sessions·74

events·74

reports·2

$ sikker protocols 176.65.132.7

HTTPS

38 / 38

HTTP

28 / 28 / 2r

SSH

8 / 8

$ sikker summary 176.65.132.7

176.65.132.7 has a threat confidence score of 97%. This IP address from Germany (AS51396, Pfcloud UG (haftungsbeschrankt)) has been observed in 74 honeypot sessions and reported 2 times targeting HTTPS, HTTP, SSH protocols. First observed on February 21, 2026, most recently active March 4, 2026.

$ sikker behaviors 176.65.132.7catalog →

mediumSsh Host Capability And Gpu Reconnaissance7x

Comprehensive post-access host reconnaissance over SSH focused on system fingerprinting and GPU capability validation. The activity enumerates OS and kernel details, CPU model and core count, uptime, interactive users, routing information, and performs conditional GPU detection via lspci or nvidia-smi. It also validates binary availability (e.g., kill) and performs external IP organization lookups. This pattern is consistent with operators assessing compute capacity (including GPU suitability), system stability, and execution environment before payload deployment such as cryptomining, AI workload abuse, or resource-intensive tooling.

mediumNextjs Rsc Proto Pollution Probe3x

Automated multipart form-data payload attempting prototype pollution against a Next.js / React Server Components deserialization context using __proto__ and constructor:constructor gadget references. Indicates staged remote code execution probing against Node.js-based public-facing applications.

infoHttps Root Path Request19x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 176.65.132.7

https_path_root20 ssh_uname_s_v_n_r_m7 ssh_nproc_available_cpu_count7 ssh_external_ipinfo_org_lookup7 ssh_uname_machine_architecture7 ssh_uptime_text_parsing_pipeline7 ssh_lscpu_model_name_field_extraction7 ssh_command_v_kill_binary_presence_check7 ssh_ip_route_cidr_extraction_via_grep_regex7 ssh_passwd_interactive_user_enumeration_filtered7 ssh_gpu_presence_detection_conditional_lspci_or_nvidia_smi7 http_method_get6 http_multipart_nextjs_proto_constructor_pollution_probe3

$ sikker reports 176.65.132.7submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 4, 2026, 02:10	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 3, 2026, 21:40	Brute Force	HTTP	SikkerGuard: 4 blocked packets

$ sikker related 176.65.132.7

🇩🇪·More threats fromGermany→AS·More threats fromPfcloud UG (haftungsbeschrankt)→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
176.65.149.215	92%	529
176.65.148.214	92%	322
204.76.203.212	97%	39,555
176.65.149.235	88%	524
176.65.149.234	91%	1,240

IP Address	Confidence	Events
87.106.147.36	100%	179,240
146.0.42.48	87%	61,440
152.53.191.128	83%	52,887
62.171.129.237	99%	62,584
162.158.111.249	4%	2