IOC Radar
IPMediumSignal 81/100

170.39.216.152

Location
FranceFrance
Paris, Île-de-France
ASN
AS52053
FBW Reseaux Fibres inc
First Seen
Aug 6, 2024
Last Seen
May 24, 2026
Aug 6
First Seen
677d ago
May 24
Last Seen
21d ago
17
Reports
source reports
81%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

46 techniques

Network Information

CountryFRFrance
RegionParis, Île-de-France
ASNAS52053
OrganizationFBW Reseaux Fibres inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

17 reports81% confidence
17
Source reports
81%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive reconnaissanceactive scanactive scanningaptasiaattackaustraliaauthentication attackautomated threatbad reputationbad web botblacklist activityblacklist ipblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attacksc2 communicationcanadacloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand executioncommunication protocolcowriecowrie activitycowrie attackscowrie honeypotcredential accesscredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksdecoy systemdenial of servicedhcpdhcp attacksdigital oceandionaeadionaea activitydionaea attacksdionaea honeypotdistributed attackselasticsearchelasticsearch attacksencryptioneuropeexploitation activityexploited hostfattfrfranceftpftp attacksftp brute forcehackinghoneytrap honeypothttp scannerhttp scanningidentity & access exploitationimapimap attacksindicatorinformation gatheringinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinjection activityinjection attacksinternet of thingsintrusion detectioniot botnetiot securityiot/ics attackipv4ipv4 port scanningipv4 scanningipv4 threatsjapanlamplamp exploitation attemptslamp stack targetinglateral movementldapldap attacksmailoney honeypotmalicious activitymalicious ipmalicious ip listmalicious ipv4malicious scanmalicious softwaremalwaremalware behaviourmalware capturememcached attacksmiraimirai botnetmssqlmssql attacksnetworknetwork activitynetwork attacksnetwork discoverynetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service discoverynorth americantpntp attacksoceaniaopen port detectionopportunistic attackoracleoracle attacksp0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathportscanpostgrespostgresql attackspotential vulnerability probingprocess injectionprotocol exploitationproxyproxy protocolrdp scanningreconnaissancereconnaissance activityredisredis attacksremote accessremote servicesresearchedresource hijackingscanscannerscannersscanning activitysecurity policysensor-taggedsentrypeer botnetserver exploitationservice discoveryservice enumerationservice scansftpsftp attacksmbsmb attackssmb brute forcesmtpsnmpsnmp attackssocial engineeringsocks5socks5 proxy activityspamsql injectionsshssh attackssh attacksssh monitoringsyn scansystem accesst1018t1021t1021.001t1021.002t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.005t1071t1071.001t1076t1077t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1497t1499.001t1499.002t1499.003t1505.004t1563t1565t1566.001t1566.002t1566.003t1589t1590t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcptcp protocoltelecommunicationstelnettelnet attackstelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotudp port scanvncvnc attacksvnc protocolvoipvoip attackvulnerability scanvultrvultr cloud infrastructureweb app attackweb application attackweb brute forceweb exploitweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
May 24May 24

Threat Activity Heatmap

· Peak: 2026-05-24
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), an IPv4 address identified as `170.39.216.152`, represents a significant and active threat that demands immediate attention. With a high score of over 80 and confirmed as not whitelisted, this IP address has been broadly flagged across numerous reputable threat intelligence feeds as a source of malicious activity. Its presence in organizational logs could indicate an active compromise, an attempted breach, or reconnaissance efforts targeting critical assets. F…

Threat ScoreHigh Risk
81
SIGNAL
Signal Score
81%
Confidence
17
Reports
First seenAug 6, 2024
Last seenMay 24, 2026
GeolocationFR
CountryFrance
LocationParis, Île-de-France
ASNAS52053
OrgFBW Reseaux Fibres inc
Coords43.6319, -79.3716
Proxy

VirusTotal

Not checked

WHOIS

raw
FBW Reseaux Fibres inc. FBW-RFF-CANADA (NET-170-39-216-0-1) 170.39.216.0 - 170.39.219.255 REDHEBERG SAS REDHEBERG-NET (NET-170-39-216-0-2) 170.39.216.0 - 170.39.216.255
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-04/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-03/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-02/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-02/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-01/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-01/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 21 days ago
Appeared in 17 threat reports