IP · Medium · Signal 52/100
216.180.246.187
Location
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 19, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Network Information
Country
France
Region
Massy, Île-de-France
ASN
AS396982
Organization
Google LLC
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
20 reports · 52% confidence
20
Source reports
52%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
Signal Score
52
Confidence
52%
Reports
20
First seen
Sep 6, 2025
Last seen
Jun 19, 2026
Geolocation
FR
Country
France
Location
Massy, Île-de-France
ASN
AS396982
Org
Google LLC
Coords
48.7217, 2.2831
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description: Observed making inbound scans on 2026-05-28 07:33:13
- raw:
  - NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
  - IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
  - Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
  - Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255
IOC Journey
medium · First detected 9 months ago · Last seen 6 days ago
Appeared in 20 threat reports