IOC Radar
IP · Medium · Signal 54/100

216.180.246.201

Location
France
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 4, 2026
Reports: 17 source reports
Confidence: 54% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: FR (France)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

Feed Intelligence Summary

17 reports · 54% confidence
Category tags
abuse, account compromise, active scan, active scanning, adbhoney honeypot, apt, asia, attack, attack source ip, attacker-ip, australia, automated attacks, automated threat, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute-force, brute-force attack, c2, canada, china, cisco, cisco device, cisco exploitation attempts, cloud infrastructure, cloud infrastructure attack, cloud services, command & control, command and control, communication protocol, compromised host, cowrie, cowrie attacks, cowrie honeypot, cowrie logs, credential access, credential attacks, credential brute force, credential harvesting, credential stuffing, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, decoy system, denial of service, device management, digital ocean, dionaea, dionaea attacks, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch monitoring, email, enterprise networking, europe, exploit, exploitation, exploitation activity, exploited host, external access attempts, fatt, france, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http scanner, http scanning, http/s, identity & access exploitation, infrastructure scanning, injection activity, injection attacks, intrusion detection, ioc, iot security, iot targeted, ipphoney honeypot, ipv4, lamp, lamp attack, lamp exploitation attempts, lamp server attack, lamp stack attack, lamp stack targeting, lateral movement, lcia, linux servers, linux systems, mailoney honeypot, malicious activity, malicious activity detected, malicious email detection, malicious software, malware, malware behaviour, malware capture, malware distribution, network, network attacks, network discovery, network infrastructure, network intrusion, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network services, nokia_deepfield-benign, north america, oceania, p0f, password attack, password attacks, phishing, phishing attack, phishing trapping of death, portscan, possible malware distribution, possible mirai variant, process injection, protocol exploitation, proxy, ransomware, reconnaissance, redis honeypot, redishoneypot, research, researched, resource hijacking, sans, scanner, scanners, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, service discovery, service enumeration, service scan, service scanning, sftp, sftp access attempt, sftp activity, sftp attack, singapore, sip, smtp, smtp brute force, smtp traffic analysis, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, ssh-brute, t-pot, t1018, t1021, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.007, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1590.006, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp protocol, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, toronto, tpot, udp port scan, unattributed activity, unauthorized access, unauthorized access attempt, united kingdom, united states, unknown threat actor, us, verified-benign, voip, voip attack, vulnerability scan, vultr, web app attack, web application attack, web application scanning, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total observation, Jun 4

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=6400 Location=Sydney, Australia.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-07/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-06/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-03/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 9 months ago · Last seen 1 day ago
Appeared in 17 threat reports