IOC Radar
IP · Medium · Signal 66/100

185.177.72.30

Location: Spain, Vélizy-Villacoublay, ENG
ASN: AS211590 (FBW NETWORKS)
First Seen: Jul 3, 2025 (361d ago)
Last Seen: Jun 15, 2026 (14d ago)
Reports: 28 source reports
Confidence: 66% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

117 techniques

Network Information

Country: ES (Spain)
Region: Vélizy-Villacoublay, ENG
ASN: AS211590
Organization: FBW NETWORKS

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 28
Confidence score: 66%
Category tags

Activity Timeline

1 total obs
Jun 15 to Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 28
First seen: Jul 3, 2025
Last seen: Jun 15, 2026
Geolocation: ES
Country: Spain
Location: Vélizy-Villacoublay, ENG
ASN: AS211590
Org: FBW NETWORKS
Coords: 53.1472, -2.2314
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Score: 80/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, suspicious_activity
raw
inetnum: 185.177.72.0 - 185.177.72.255
netname: FR-FBW-NETWORKS-20161110
country: FR
org: ORG-FNS23-RIPE
admin-c: RC21564-RIPE
tech-c: RC21564-RIPE
abuse-c: ACRO59630-RIPE
status: ALLOCATED PA
mnt-routes: fr-rogercabot-mnt
mnt-routes: lir-fr-fbw-networks-1-MNT
mnt-by: lir-fr-fbw-networks-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2025-05-27T08:17:11Z
last-modified: 2025-05-30T08:12:55Z
source: RIPE

organisation: ORG-FNS23-RIPE
org-name: FBW NETWORKS SAS
country: FR
org-type: LIR
address: 16 rue Grange Dame Rose
address: 78140
address: Vélizy Villacoublay
address: FRANCE
phone: +33184207217
admin-c: GML75-RIPE
tech-c: GML75-RIPE
abuse-c: AR65110-RIPE
mnt-ref: lir-fr-fbw-networks-1-MNT
mnt-ref: RELCOMGROUP-EXT-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-fr-fbw-networks-1-MNT
created: 2021-09-16T10:31:33Z
last-modified: 2022-06-01T14:17:54Z
source: RIPE # Filtered

person: Roget Cabot
address: Le rove
phone: +336000000000
nic-hdl: RC21564-RIPE
mnt-by: fr-rogercabot-mnt
created: 2025-03-12T13:21:26Z
last-modified: 2025-03-12T13:21:26Z
source: RIPE

route: 185.177.72.0/24
origin: AS211590
mnt-by: lir-fr-fbw-networks-1-MNT
created: 2025-05-27T09:25:15Z
last-modified: 2025-05-27T09:25:15Z
source: RIPE
references
https://www.dugganusa.com, https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://www.abuseipdb.com, https://voidvendor.com/intel, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-27/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-27/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-25/

IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 28 threat reports