IPMediumSignal 36/100
216.180.246.127
Location
FranceMassy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 14, 2026
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryFrance
FranceRegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
19 reports36% confidence
19
Source reports
36%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive reconnaissanceactive scanactive scanninganomaly attackaptasiaattackattacker ipattacker-ipaustraliaautomated attacksautomated threatautomated-attackbad reputationbad web botblacklist ipblacklisted ip addressblog spambotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackc2 trafficchinacisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompromised credentialscompromised hostcontainer securitycowrie activitycowrie attackscowrie honeypotcowrie ssh honeypotcredential accesscredential attackcredential attackscredential brute forcecredential harvestingcredential stuffingcredential-stuffingdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos attacksddos preparationdecoy systemdenial of servicedenial-of-servicedevice managementdionaea activitydionaea attacksdionaea honeypotdistributed attacksdnsdns attackdockerelasticelasticpot honeypotelasticsearch monitoringencryptionenterprise networkingeu cyber policieseuropeeuropean ip addressesexfiltrationexploitexploit attemptexploit kitexploitationexploitation activityexploitation attemptexploited hostexternal access attemptsfattfloodfrancefraud voipftpftp brute forcehackinghoneytrap datahoneytrap honeypothong konghttp brute forcehttp scannerhttp scanninghttp/sidentity & access exploitationids alertinitial accessinjection activityinjection attacksinternet of thingsinternet-facingintrusion detectioniociot botnetiot securityiot targetediot/ics attackipv4 scanningjapanlamplamp attacklamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlcialinux serverslinux systemslinux-server-attacklogin attemptmail servermailoney honeypotmalicious activitymalicious activity detectedmalicious network activitymalicious scanmalicious softwaremalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmirai botnetnetworknetwork attacksnetwork discoverynetwork floodnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork servicesnetwork_enumerationnokia_deepfield-benignnorth americanull scanoceaniap0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathport-scanningpossible malware distributionpossible mirai variantpotential botnetprocess injectionprotocol exploitationprotocol-abuseproxyproxy protocolransomwarerdp scanningreconnaissancereconnaissance activityregional securityremote accessremote servicesresearchedresource hijackingsansscams & fraudscanscannerscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionservice scanservice scanningsftp access attemptsftp activitysftp attacksftp-attacksip brute forcesip scanningsmtpsmtp brute forcesocial engineeringsocradar honeypotsoftware exploitationspamsshssh attackssh brute-forcessh monitoringssh-brute-forcesyn floodsyn scansystem accesst-pott1018t1021t1021.001t1021.002t1021.004t1027t1040t1041t1046t1053t1055t1056.001t1059t1059.001t1059.003t1059.004t1059.007t1071t1071.001t1076t1077t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499t1499.001t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1590t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp scantelecommunicationstelnet scanningtelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottraffic anomalyudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized loginunauthorized-access-attemptunited kingdomunited statesusverified-benignvoipvoip attackvulnerability scanvultr cloud infrastructurewaf alertweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb scannerweb spamweb trafficweb-application-attackxmas scan
Activity Timeline
Jun 14Jun 14
Threat Activity Heatmap
· Peak: 2026-06-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
36
SIGNAL
Signal Score
36%
Confidence
19
Reports
First seenSep 6, 2025
Last seenJun 14, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831
Proxy
VirusTotal
Not checked
WHOIS
- raw
- NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 9 months ago · Last seen 13 days ago
Appeared in 19 threat reports