IP · Medium · Signal 52/100
216.180.246.123
Location
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 14, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
France
Region
Massy, Île-de-France
ASN
AS396982
Organization
Google LLC
Feed Intelligence Summary
24 reports · 52% confidence
24
Source reports
52%
Confidence score
Category tags
Activity Timeline
Jun 14
Threat Activity Heatmap
Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 52
Confidence: 52%
Reports: 24
First seen: Sep 6, 2025
Last seen: Jun 14, 2026
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 37.7510, -97.8220
VirusTotal
Not checked
WHOIS
- description: Auto-submitted attacker IPs from 6-region honeypot mesh (cowrie/dionaea/heralding/suricata).
- raw:
  - NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
  - IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
  - Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
  - Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255
- references: https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 9 months ago · Last seen 13 days ago
Appeared in 24 threat reports