IOC Radar
IP · Medium · Signal 50/100

216.180.246.56

Location: France, Massy, Île-de-France
ASN: AS396982 (Google LLC)
First Seen: Sep 6, 2025
Last Seen: Jun 14, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

58 techniques

Network Information

Country: France (FR)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 20
Confidence score: 50%
Category tags

Activity Timeline

1 total obs
Jun 14 - Jun 14

Threat Activity Heatmap

Peak: 2026-06-14
[Heatmap: activity by weekday across the months Jun through Jun; legend Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 50
Confidence: 50%
Reports: 20
First seen: Sep 6, 2025
Last seen: Jun 14, 2026
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 48.7217, 2.2831
Proxy

VirusTotal

Not checked

WHOIS

raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 13 days ago
Appeared in 20 threat reports