IOC Radar
IP · Medium · Signal 54/100

216.180.246.1

Location: France (Massy, Île-de-France)
ASN: AS396982 (Google LLC)
First Seen: Sep 6, 2025 (286d ago)
Last Seen: Jun 8, 2026 (11d ago)
Reports: 18 source reports
Confidence: 54% (medium)
VirusTotal: 6/91 detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

53 techniques

Network Information

Country: FR (France)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 18
Confidence score: 54%

Activity Timeline

1 total obs (Jun 8 to Jun 8)

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun through Jun, scale Less to More]
Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 18
First seen: Sep 6, 2025
Last seen: Jun 8, 2026
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 48.7217, 2.2831
Proxy

VirusTotal

6/91 vendors flagged
7% detection rate (Jun 8, 2026)

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw:
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 11 days ago
Appeared in 18 threat reports