IPMediumSignal 40/100
216.180.246.219
Location
FranceMassy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 16, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryFrance
FranceRegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC
Feed Intelligence Summary
15 reports40% confidence
15
Source reports
40%
Confidence score
Category tags
abuseactive scanactive scanningaptasiaattackattack source ipattacker-ipaustraliabad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attemptsbrute-forcebrute-force attackc2chinacisco devicecisco exploitation attemptscommand & controlcommand and controlcommand injectioncommunication protocolcompromised hostcowriecowrie attackscowrie honeypotcowrie interactionscowrie logscredential accesscredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackddos preparationdecoy systemdenial of servicedenial-of-servicedevice managementdionaeadionaea attacksdionaea honeypotdistributed attacksdnsdns attackenterprise networkingeu cyber policieseuropeexfiltrationexploitexploitationexploitation activityexploited hostfattfrancefraud voipftpftp brute forcehackinghoneytrap datahoneytrap honeypothong konghttp brute forcehttp scannerhttp scanninghttps scanningidentity & access exploitationinitial accessinjection activityinjection attacksintrusion detectioniot securityiot targetedlamplamp attacklamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlcialogin attemptmailoney honeypotmalicious activitymalicious activity detectedmalicious login attemptsmalicious softwaremalwaremalware behaviourmalware capturemalware deliverymalware distributionnetworknetwork discoverynetwork infrastructurenetwork intrusion attemptsnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork traffic analysisnokia_deepfield-benignnorth americanull scanoceaniap0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathpossible malware distributionpossible mirai variantpotential botnetprocess injectionprotocol exploitationproxyreconnaissanceregional securityremote accessremote servicesresearchresearchedresource hijackingsansscams & fraudscannerscanning activitysecurity operationssensor-taggedsentrypeer botnetsentrypeer detectionservice scansftp access attemptsftp activitysftp attacksingaporesip scanningsmtpsmtp brute forcespamsql injectionsshssh attackssh monitoringssh-brutesyn scant-pott1018t1021t1021.001t1021.002t1040t1041t1055t1059t1059.003t1059.004t1071t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566t1566.001t1589t1595t1595.001t1595.002t1595.003tannertargeting databasetcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunited kingdomunited statesusverified-benignvoipvoip attackvulnerability scanweb app attackweb application attackweb application scanningweb exploitationweb spamweb trafficxmas scan
Activity Timeline
Jun 16Jun 16
Threat Activity Heatmap
· Peak: 2026-06-16LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
40
SIGNAL
Signal Score
40%
Confidence
15
Reports
First seenSep 6, 2025
Last seenJun 16, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831
VirusTotal
Not checked
WHOIS
- description
- Auto-submitted attacker IPs from 6-region honeypot mesh (cowrie/dionaea/heralding/suricata).
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 9 months ago · Last seen 7 days ago
Appeared in 15 threat reports