IOC Radar
IPMediumSignal 50/100

216.180.246.222

Location
FranceFrance
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 4, 2026
Sep 6
First Seen
282d ago
Jun 4
Last Seen
10d ago
19
Reports
source reports
50%
Confidence
medium
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryFRFrance
RegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC

Feed Intelligence Summary

19 reports50% confidence
19
Source reports
50%
Confidence score
Category tags
abuseaccess controlaccount compromiseactive scanactive scanningaptasiaattackattack source ipattacker ipattacker-ipaustraliaautomated attackautomated threatbad reputationbad web botblacklist candidateblacklisted ip addressblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbruteforcec2chinacisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand injectioncommunication protocolcommunication securitycompromised credentialscompromised hostcowrie attackscowrie honeypotcowrie interactionscowrie ssh logscredential accesscredential attackscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackddos attacksddos preparationdecoy systemdenial of servicedenial-of-servicedevice managementdionaea attacksdionaea honeypotdistributed attacksdnsdns attackenterprise networkingeu cyber policieseuropeexfiltrationexploitexploit attemptexploitationexploitation activityexploitation of vulnerabilityexploited hostexternal access attemptsfattfrancefraud voipftpftp brute forcehackingheralding attackshoneytrap datahoneytrap honeypothong konghttp brute forcehttp scannerhttp scanninghttp/shttps scanningidentity & access exploitationinitial accessinitial access activityinjection activityinjection attacksinternet of thingsintrusion detectioniot botnetiot securityiot targetediot/ics attackipphoney activityipphoney honeypotjapanknown malicious iplamplamp attacklamp exploitation attemptslamp server attacklamp server attackslamp server targetinglamp stack attacklamp stack targetinglamp vulnerability scanlateral movementlcialinux systemslogin attacklogin attemptmailoney attacksmailoney honeypotmalicious activitymalicious activity detectedmalicious login attemptsmalicious payload detectionmalicious softwaremalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware propagationmirai botnetmysql brute forcenetworknetwork attacksnetwork discoverynetwork infrastructurenetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnokia_deepfield-benignnorth americanull scanoceaniap0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathpossible exploit attemptpossible malware distributionpossible malware dropperpossible mirai variantpotential botnetprocess injectionprotocol exploitationproxyransomwarereconnaissanceredis honeypotredishoneypot activityregional securityremote accessremote servicesresearchedresource hijackingsansscams & fraudscanscannerscannersscanning activityscripting attackssecurity operationssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionservice enumerationservice scansftp access attemptsftp activitysftp attacksftp attackssftp exploitation attemptsingaporesip brute forcesip scanningsmtpsmtp brute forcesocial engineeringspamssh attackssh monitoringsynsyn scansystem accesst-pott1016t1018t1021t1021.001t1040t1041t1046t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1590.006t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunited kingdomunited statesusverified-benignvoipvoip attackvulnerability scanweb app attackweb application attackweb application scanningweb attackweb exploitweb exploitationweb spamweb trafficxmas scan

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
19
Reports
First seenSep 6, 2025
Last seenJun 4, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831

VirusTotal

Not checked

WHOIS

raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 10 days ago
Appeared in 19 threat reports