IOC Radar
IP · Medium · Signal 50/100

216.180.246.141

Location: Massy, Île-de-France, France
ASN: AS396982 (Google LLC)
First Seen: Sep 6, 2025 (294d ago)
Last Seen: Jun 14, 2026 (14d ago)
Reports: 22 source reports
Confidence: 50% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

59 techniques

Network Information

Country: France (FR)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 22
Confidence score: 50%
Category tags

Activity Timeline

1 total obs · Jun 14

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun] Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 50
Confidence: 50%
Reports: 22
First seen: Sep 6, 2025
Last seen: Jun 14, 2026
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 48.7217, 2.2831
Proxy: VPN

VirusTotal

Not checked

WHOIS

description: IPV4 hosts detected performing scans on production environment located in Australia.
raw:
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 14 days ago
Appeared in 22 threat reports