IOC Radar
IP · Medium · Signal 50/100

216.180.246.15

Location: United States; Massy, Île-de-France
ASN: AS396982 (Google LLC)
First Seen: Sep 6, 2025 (290d ago)
Last Seen: Jun 14, 2026 (9d ago)
Reports: 22 source reports
Confidence: 50% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: US (United States)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

Feed Intelligence Summary

Source reports: 22
Confidence score: 50%
Category tags

Activity Timeline

1 total obs · Jun 14

Threat Activity Heatmap

Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 50
Confidence: 50%
Reports: 22
First seen: Sep 6, 2025
Last seen: Jun 14, 2026
Geolocation: US
Country: United States
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 48.7217, 2.2831

VirusTotal

Not checked

WHOIS

description
Attacker IP, which aims to make sure all of us are able to speak to each other in public, has been put on hold until after the Christmas break because of a "technical issue".
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 9 days ago
Appeared in 22 threat reports