IOC Radar
IPMediumSignal 49/100

216.180.246.199

Location
FranceFrance
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 15, 2026
Sep 6
First Seen
295d ago
Jun 15
Last Seen
13d ago
23
Reports
source reports
49%
Confidence
medium
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

49 techniques

Network Information

CountryFRFrance
RegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

23 reports49% confidence
23
Source reports
49%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningadbhoney honeypotaptattackaustraliaautomated attackautomated-attackautomated_attackbad reputationbad web botbankingblacklist ipblog spambotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcec2 trafficcisco devicecisco exploitation attemptscisco_device_attackcloud infrastructurecloud infrastructure attackcloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompromise attemptcompromised credentialscowrie attackscowrie honeypotcowrie logscowrie ssh honeypotcowrie ssh logscredential accesscredential attackcredential brute-forcecredential harvestingcredential stuffingcredential-stuffingcredential_stuffingcredit card servicesdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase brute forcedatabase securitydatabase_serverddosddos attackddos attacksdecoy systemdefault credential abusedenial of servicedevice managementdictionary_attackdionaea attacksdionaea honeypotdionaea malware samplesdistributed attacksdnsdns attackencryptionenterprise networkingeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kitexploitationexploitation activityexploitation attemptsexploitation of vulnerabilityexploitation_attemptexploited hostfattfilefinancefinancial servicesfinancial technologyfranceftpftp attacksftp brute forcegalahhackinghoneytrap datahoneytrap honeypothttphttp brute forcehttp scannerhttp scanninghttp/shttpsidentity & access exploitationindicators of compromiseinitial accessinitial_accessinjection activityinjection attacksinternet of thingsintrusion detectioniociot botnetiot device exploitationiot securityiot targetediot/ics attackiot_attackknown malicious iplamplamp attacklamp exploitation attemptslamp server attacklamp server targetinglamp stacklamp stack attacklamp stack targetinglamp vulnerability scanninglamp_stack_attacklateral movementlinux serverlinux-server-attackmailoney honeypotmalicious activitymalicious activity detectedmalicious file uploadsmalicious scanmalicious softwaremalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmirai botnetmodbusmssqlmysql brute forcenetworknetwork attacksnetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnetwork-based attack attemptsnetwork_reconnaissancenokia_deepfield-benignnorth americaoceaniap0fpassword attackpassword attackspayment processingphishingphishing attackphishing trapping of deathport-scanningportscanpossible exploit attemptpossible malware distributionpossible malware dropperpossible mirai variantprivilege escalationprocess injectionprotocol exploitationprotocol-abuseproxyproxy protocolransomwarerdp attacksreconnaissancereconnaissance activityredis honeypotremote accessremote access attemptsremote servicesremote_access_serviceresearchedresource hijackingsansscanscannerscannersscanning activityscripting attackssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionsentrypeer intrusion attemptsserver exploitationservice scansftp activitysftp attacksftp-attacksip attackssip brute forcesip scanningsmtpsmtp attackersmtp attackssmtp brute forcesocial engineeringsocradar honeypotsoftware exploitationspamsql injectionsql injection attemptssshssh attackssh attacksssh monitoringssh-brute-forcet1021t1021.001t1021.002t1021.004t1027t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1076t1077t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationstelnet attackstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventiontor nodetpotudp port scanunauthorized access attemptunauthorized loginunauthorized-access-attemptunited statesusverified-benignvnc protocolvoipvoip attackvulnerability scanvultrwealth managementweb app attackweb application attackweb application attacksweb application scanningweb attackweb attacksweb exploitationweb scannerweb shell uploadsweb spamweb trafficweb-application-attackweb_attackweb_server

Activity Timeline

1 total obs
Jun 15Jun 15

Threat Activity Heatmap

· Peak: 2026-06-15
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
49
SIGNAL
Signal Score
49%
Confidence
23
Reports
First seenSep 6, 2025
Last seenJun 15, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831
Proxy

VirusTotal

Not checked

WHOIS

description
Live attacker IPs from Galah LLM HTTP honeypot on Raspberry Pi 5 (Qwen 2.5). Captures web scanners and exploit attempts. Updated hourly at :45.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 13 days ago
Appeared in 23 threat reports