IP · Medium · Signal 61/100
176.172.239.193
Location: Lyon, IDF
ASN: AS5410 (BOUYGUES Telecom)
First Seen: Apr 20, 2024
Last Seen: Jun 7, 2026
Reports: 29 source reports
Confidence: 61% (medium)
VirusTotal: 12/91 detections
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Network Information
Country: France
Region: Lyon, IDF
ASN: AS5410
Organization: BOUYGUES Telecom
Feed Intelligence Summary
Source reports: 29
Confidence score: 61%
Activity Timeline
[Threat Activity Heatmap, peak: 2026-06-07]
Activity by window:
- 24h: 0 (Dormant)
- 7d: 1 (Minimal)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 29
First seen: Apr 20, 2024
Last seen: Jun 7, 2026
Geolocation: FR
Country: France
Location: Lyon, IDF
ASN: AS5410
Org: BOUYGUES Telecom
Coords: 48.8323, 2.4075
WHOIS
- description
  FNT Sentinel Real-time Intercept: SMTP brute-force detected. Reference: 2026-05-10 08:38:51.0695 Login failure: 176.172.239.193 SMTP
- raw
  inetnum: 176.168.0.0 - 176.175.255.255
  netname: BOUYGTEL
  descr: Bouygues Telecom Division Mobile
  descr: Pool for APN 2G/3G/4G End users
  country: FR
  admin-c: NOCB2-RIPE
  tech-c: NOCB2-RIPE
  status: ASSIGNED PA
  mnt-by: BYTEL-MNT
  created: 2021-05-03T08:35:21Z
  last-modified: 2021-05-03T08:35:21Z
  source: RIPE

  role: Network Operation center Bouygues Telecom Mobile
  remarks: Bouygues Telecom Mobile
  address: Bouygues Telecom
  address: 13-15 avenue du Marechal Juin
  address: 92366 Meudon-la-Foret cedex
  address: France
  abuse-mailbox: [email protected]
  admin-c: LH761-RIPE
  admin-c: BP5856-RIPE
  admin-c: FB15531-RIPE
  tech-c: LH761-RIPE
  tech-c: BP5856-RIPE
  nic-hdl: NOCB2-RIPE
  mnt-by: BYTEL-MNT
  created: 2009-10-12T13:21:01Z
  last-modified: 2018-01-05T16:06:22Z
  source: RIPE # Filtered

  route: 176.128.0.0/10
  origin: AS5410
  mnt-by: BYTEL-MNT
  created: 2022-08-09T13:43:36Z
  last-modified: 2022-08-09T13:43:36Z
  source: RIPE
- references
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://redpiranha.net
  - https://github.com/telekom-security/tpotce
  - https://list.rtbh.com.tr/output.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 3 days ago
Appeared in 29 threat reports