IOC Radar
IPMediumSignal 50/100

216.180.246.107

Location
FranceFrance
Massy, Ile-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 16, 2026
Sep 6
First Seen
291d ago
Jun 16
Last Seen
8d ago
24
Reports
source reports
50%
Confidence
medium
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

58 techniques

Network Information

CountryFRFrance
RegionMassy, Ile-de-France
ASNAS396982
OrganizationGoogle LLC

Feed Intelligence Summary

24 reports50% confidence
24
Source reports
50%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningactor listadbhoney honeypotaptasiaattackattacker ipsattacker-ipattacking-ipsaustraliaautomated attacksautomated threatautomated-attackbad reputationbad web botblacklist candidateblocklist_allblog spambotnetbotnet activitybotnet activity detectedbotnet-activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebrute-force attackc2 trafficchinacisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcommunication securitycompromised credentialsconpot honeypotcowriecowrie attackscowrie honeypotcowrie logscowrie ssh honeypotcredential accesscredential attackcredential attackscredential brute forcecredential harvestingcredential stuffingcredential-stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos attacksdecoy systemdenial of servicedevice managementdhcpdionaeadionaea attacksdionaea honeypotdistributed attacksdnsdns attackelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenterprise networkingenumerationeuropeexfiltrationexploitexploit attemptsexploit kitexploitation activityexploitation attemptexploitation of vulnerabilityexploited hostexternal access attemptsfattfinlandfrfrancefraud voipftpftp brute forceftp brute-forcegermanyhackingherolding attackshoneynet connecthoneytrap honeypothong konghttp brute forcehttp scannerhttp scanninghttp/shttpsics securityidentity & access exploitationimapindicators-of-compromiseindustrial control systemsinformation gatheringinitial accessinjection activityinjection attacksinternet of thingsinternet-facinginternet_scannersintrusion detectioniociot botnetiot securityiot targetediot/ics attackipphoney honeypotknown malicious iplamplamp attacklamp attackslamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlcialdaplinux serverslinux systemslinux-server-attacklogin attemptmailoney honeypotmalicious activitymalicious activity detectedmalicious softwaremalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmirai botnetmisp threatmssqlmysql brute forcenetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork monitoringnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork servicesnokia_deepfield-benignnorth americantpoceaniaopen threatopportunistic-attackoracleotx pulsenametip0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathpinyinpla unitpolandport-scanningpossible exploit attemptpossible malware distributionpossible malware dropperpossible mirai variantpostgrespotential malware distributionpotential threat actorprocess injectionprotocol exploitationprotocol-abuseproxyransomwarereconnaissanceredisremote accessremote servicesresearchresearchedresource hijackingsansscams & fraudscanscannerscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer attackssentrypeer botnetserver exploitationservice scanservice scanningsftp access attemptsftp activitysftp attacksftp attackssftp-attacksip attackssip brute forcesmbsmb brute forcesmtpsmtp brute forcesnmpsocial engineeringsocks5socradar honeypotsoftware exploitationspamsql injectionsshssh attackssh attacksssh monitoringssh-brutessh-brute-forcesystem accesst-pott1016t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1041t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1071t1071.001t1076t1077t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1590t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantelecommunicationstelnettelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat preventionthreat-intelligenceti advisorytor nodetpottsocudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized loginunauthorized-access-attemptunit coverunited kingdomunited statesusverified-benignvncvnc protocolvoipvoip attackvulnerability scanvulnerability-scanningweb app attackweb applicationweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb spamweb trafficweb-application-attack

Activity Timeline

1 total obs
Jun 16Jun 16

Threat Activity Heatmap

· Peak: 2026-06-16
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
24
Reports
First seenSep 6, 2025
Last seenJun 16, 2026
GeolocationFR
CountryFrance
LocationMassy, Ile-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7270, 2.2832

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=8083,17002,56378 Location=Sydney, Australia.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 24 threat reports