IOC Radar
IP · Medium · Signal 43/100

216.180.246.62

Location: Massy, Île-de-France, France
ASN: AS396982 (Google LLC)
First Seen: Sep 5, 2025 (292d ago)
Last Seen: Jun 17, 2026 (8d ago)
Source reports: 22
Confidence: 43% (medium)
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 43%
Signal Score: 43 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

59 techniques

Network Information

Country: FR (France)
Region: Massy, Île-de-France
ASN: AS396982
Organization: Google LLC

Feed Intelligence Summary

Source reports: 22
Confidence score: 43%
Category tags

Activity Timeline

1 total obs, Jun 17

Threat Activity Heatmap

[Heatmap: daily activity by weekday, Jun through Jun] · Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score (Signal Score): 43, Medium Risk
Confidence: 43%
Reports: 22
First seen: Sep 5, 2025
Last seen: Jun 17, 2026
Geolocation: FR
Country: France
Location: Massy, Île-de-France
ASN: AS396982
Org: Google LLC
Coords: 48.7217, 2.2831

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded. geo=US; ports=50104 Location=Sydney, Australia.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255
IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255
Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255
Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 22 threat reports