IPMediumSignal 39/100
216.180.246.55
Location
FranceMassy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 14, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryFrance
FranceRegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
20 reports39% confidence
20
Source reports
39%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningadbadbhoney activityadbhoney honeypotaptasiaattackattacker ipattacker-ipaustraliaautomated attacksautomated threatautomated-attackbad reputationbad web botblacklisted ip addressblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackc2chinacisco devicecisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand injectioncommunication protocolcompromised credentialscompromised hostconnected devicesconpot activityconpot honeypotcowriecowrie activitycowrie honeypotcowrie logscowrie ssh attackscowrie ssh honeypotcowrie ssh logscredential accesscredential attackcredential attackscredential brute forcecredential brute-forcecredential harvestingcredential stuffingcredential-stuffingcredential_accessdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos preparationdecoy systemdefault credential abusedenial of servicedenial-of-servicedetected botnet activitydevice managementdionaeadionaea activitydionaea honeypotdistributed attacksdnsdns attackdropperelasticpot honeypotelasticsearch monitoringencryptionenterprise networkingeu cyber policieseuropeexploitexploit attemptexploitationexploitation activityexploitation attemptexploitation attemptsexploited hostexternal access attemptsfattfranceftpftp brute forcehackingheralding activityhoneytrap datahoneytrap honeypothong konghttp brute forcehttp scannerhttp scanninghttp/shttps scanningics securityidentity & access exploitationindustrial control systemsindustrial iotinitial accessinjection activityinjection attacksinternet of thingsinternet-facingintrusion detectioniociot analyticsiot applicationsiot device exploitationiot platformsiot securityiot targetediot/ics attackipphoney honeypotipv4lamplamp exploitation attemptlamp server attacklamp server targetinglamp stack attacklamp stack targetinglateral movementlateral movement attemptlcialinux serverlinux serverslinux systemslinux-server-attacklogin attemptmailoney honeypotmalicious activitymalicious softwaremalicious trafficmalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmobilemobile securitymodbusmssqlnetworknetwork attacksnetwork communicationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork servicesnetwork traffic analysisnokia_deepfield-benignnorth americanull scanoceaniaopen proxyp0fpassword attackpassword attacksphishingphishing attackphishing trapping of deathport-scanningpossible malware infectionpossible mirai variantpotential botnetpotential threat actorprocess injectionprotocol exploitationprotocol-abuseproxyransomwarereconnaissanceredis honeypotredishoneypot activityregional securityremote accessremote servicesresearchresearchedresource hijackingsansscannerscannersscanning activityscripting attackssecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer sip attacksserver exploitationservice scanservice scanningsftp access attemptsftp access attemptssftp activitysftp attacksftp-attacksip brute forcesip scanningsip vulnerability scansmart devicessmtpsmtp brute forcesocial engineeringsocradar honeypotspamsql injectionsshssh attackssh monitoringssh-brutessh-brute-forcesyn scansystem accesst-pott1021t1021.001t1021.002t1021.004t1040t1041t1046t1053t1053.005t1055t1056t1059t1059.003t1059.004t1059.007t1064t1068t1071t1071.001t1076t1077t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1202t1203t1204.002t1486t1496t1497.001t1499.001t1499.002t1499.003t1505.002t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1571t1573t1588t1589t1590.006t1592.002t1595t1595.001t1595.002t1595.003tannertanner activitytargeting databasetcp protocoltcp scantelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencetor nodetpotudp port scanudp scanunauthorized accessunauthorized loginunauthorized-access-attemptunited kingdomunited statesusverified-benignvoipvoip attackvulnerability scanweb app attackweb application attackweb application attacksweb attackweb attacksweb exploitweb exploitationweb spamweb trafficweb-application-attackxmas scan
Activity Timeline
Jun 14Jun 14
Threat Activity Heatmap
· Peak: 2026-06-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
20
Reports
First seenSep 6, 2025
Last seenJun 14, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831
Proxy
VirusTotal
Not checked
WHOIS
- description
- Auto-submitted attacker IPs from 6-region honeypot mesh (cowrie/dionaea/heralding/suricata).
- raw
- NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 9 months ago · Last seen 9 days ago
Appeared in 20 threat reports