IP · Medium · Signal 51/100
185.177.72.52
Location
Vélizy-Villacoublay, ENG
ASN
AS211590
FBW NETWORKS
First Seen
Aug 12, 2025
Last Seen
Jun 4, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Network Information
Country
France
Region: Vélizy-Villacoublay, ENG
ASN: AS211590
Organization: FBW NETWORKS
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 27
Confidence score: 51%
Category tags
Activity Timeline
Jun 4
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 51
Confidence: 51%
Reports: 27
First seen: Aug 12, 2025
Last seen: Jun 4, 2026
Geolocation: FR
Country: France
Location: Vélizy-Villacoublay, ENG
ASN: AS211590
Org: FBW NETWORKS
Coords: 53.1472, -2.2314
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- AbuseIPDB 100% | FR | FBW NETWORKS SAS
- raw
- inetnum: 185.177.72.0 - 185.177.72.255
  netname: FR-FBW-NETWORKS-20161110
  country: FR
  org: ORG-FNS23-RIPE
  admin-c: RC21564-RIPE
  tech-c: RC21564-RIPE
  abuse-c: ACRO59630-RIPE
  status: ALLOCATED PA
  mnt-routes: fr-rogercabot-mnt
  mnt-routes: lir-fr-fbw-networks-1-MNT
  mnt-by: lir-fr-fbw-networks-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  created: 2025-05-27T08:17:11Z
  last-modified: 2025-05-30T08:12:55Z
  source: RIPE
  organisation: ORG-FNS23-RIPE
  org-name: FBW NETWORKS SAS
  country: FR
  org-type: LIR
  address: 16 rue Grange Dame Rose
  address: 78140
  address: Vélizy Villacoublay
  address: FRANCE
  phone: +33184207217
  admin-c: GML75-RIPE
  tech-c: GML75-RIPE
  abuse-c: AR65110-RIPE
  mnt-ref: lir-fr-fbw-networks-1-MNT
  mnt-ref: RELCOMGROUP-EXT-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: lir-fr-fbw-networks-1-MNT
  created: 2021-09-16T10:31:33Z
  last-modified: 2022-06-01T14:17:54Z
  source: RIPE # Filtered
  person: Roget Cabot
  address: Le rove
  phone: +336000000000
  nic-hdl: RC21564-RIPE
  mnt-by: fr-rogercabot-mnt
  created: 2025-03-12T13:21:26Z
  last-modified: 2025-03-12T13:21:26Z
  source: RIPE
  route: 185.177.72.0/24
  origin: AS211590
  mnt-by: lir-fr-fbw-networks-1-MNT
  created: 2025-05-27T09:25:15Z
  last-modified: 2025-05-27T09:25:15Z
  source: RIPE
IOC Journey
Medium · First detected 9 months ago · Last seen 3 days ago
Appeared in 27 threat reports