IOC Radar
IP · Medium · Signal 52/100

216.180.246.28

Location
United States
Massy, Delaware
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 19, 2026
Found in 23 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

58 techniques

Network Information

Country: US (United States)
Region: Massy, Delaware
ASN: AS396982
Organization: Google LLC

Feed Intelligence Summary

23 reports · 52% confidence
Category tags

Activity Timeline

1 total obs (Jun 19 to Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 52 (Medium Risk)
Geolocation: US
Coords: 39.7459, -75.5464

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded. geo=US; ports=8083 Location=Sydney, Australia.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 4 days ago
Appeared in 23 threat reports