IOC Radar
IPMediumSignal 57/100

216.180.246.72

Location
FranceFrance
Massy, Île-de-France
ASN
AS396982
Google LLC
First Seen
Sep 6, 2025
Last Seen
Jun 7, 2026
Sep 6
First Seen
282d ago
Jun 7
Last Seen
8d ago
25
Reports
source reports
57%
Confidence
medium
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

53 techniques

Network Information

CountryFRFrance
RegionMassy, Île-de-France
ASNAS396982
OrganizationGoogle LLC

Feed Intelligence Summary

25 reports57% confidence
25
Source reports
57%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningactive-attackadbhoney honeypotapacheapache attackeraptattackaustraliaauthentication attemptauthentication failureautomated attackautomated-attackautomated_attackbad web botblacklist ipblocklist_allblog spambothammerbotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcec2 trafficcisco devicecisco exploitation attemptscisco_device_attackcode executioncommand and controlcommand executioncommand injectioncommunication protocolcompromise attemptcompromised credentialscompromised hostcowriecowrie datacowrie honeypotcowrie logscowrie ssh honeypotcredential accesscredential attackcredential guessingcredential harvestingcredential stuffingcredential-stuffingcredential_stuffingcyberattackdaily-threat-feeddata encryptiondata exfiltrationdatabase attackdatabase attacksdatabase brute forcedatabase securitydatabase_serverddosddos attackddos attacksddos reflectiondecoy systemdenial of servicedenial-of-servicedevice managementdictionary_attackdionaeadionaea honeypotdistributed attacksdnsenterprise networkingeuropeexfiltrationexploitexploit kitexploitationexploitation activityexploitation attemptexploitation_attemptexploited hostfattfinlandfrancefraud voipftpftp brute forceftp brute-forcegermanyhackinghoneynet connecthoneytrap datahoneytrap honeypothttp brute forcehttp scannerhttp scanninghttpsinitial accessinitial_accessinjection attacksinternet of thingsinternet-facingintrusion detectioniociot botnetiot targetediot/ics attackiot_attacklamplamp server attacklamp stack attacklamp stack targetinglamp_stack_attacklateral movementlinux-server-attacklogin attemptmailoney honeypotmalicious activitymalicious emailmalicious ip activitymalicious scanmalicious softwaremalicious-login-attemptsmalwaremalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmirai botnetmssqlnetworknetwork attacksnetwork device probingnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_reconnaissancenokia_deepfield-benignnorth americaoceaniaopportunistic attackp0fpassword attackpassword attackspassword sprayingphishingphishing attackphishing trapping of deathpolandport-scanningpossible mirai variantprivilege escalationprocess injectionprotocol exploitationprotocol-abuseproxyproxy protocolrealtime-wafreconnaissancereconnaissance activityremote accessremote access attemptremote servicesremote_access_serviceresearchedresource hijackingsansscanscannerscanning activityscripting attackssecurity policysensor-taggedsentrypeer botnetsentrypeer detectionserver exploitationsftp access attemptsftp activitysftp attacksftp attackssftp-attacksiemsipsip attackssip scanningsmb brute forcesmtpsmtp brute forcesmtp scanningsocial engineeringsocradar honeypotsoftware exploitationsql injectionsql injection attemptssshssh attackssh monitoringssh-brute-forcesystem accesst-pott1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1040t1041t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1589t1592t1595t1595.001t1595.002t1595.003tannertcp protocoltcp scantelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat preventiontpotudp port scanudp scanunattributed threat actorunauthorized accessunauthorized access attemptunauthorized loginunauthorized login attemptsunauthorized-access-attemptunited statesusverified-benignvoipvoip attackweb app attackweb application attackweb attackweb attacksweb exploitweb exploit attemptweb exploitationweb service scanningweb shell uploadsweb spamweb trafficweb-application-attackweb_attackweb_server

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
25
Reports
First seenSep 6, 2025
Last seenJun 7, 2026
GeolocationFR
CountryFrance
LocationMassy, Île-de-France
ASNAS396982
OrgGoogle LLC
Coords48.7217, 2.2831

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f, suricata; threshold?1; private IPs excluded. geo=US; ports=50106 Location=Sydney, Australia.
raw
NETWORK TRANSIT HOLDINGS LLC NTHL (NET-216-180-240-0-1) 216.180.240.0 - 216.180.247.255 IPXO LLC NET-216-180-246-0-24 (NET-216-180-246-0-1) 216.180.246.0 - 216.180.246.255 Internet Utilities NA LLC NETUTILS (NET-216-180-246-0-2) 216.180.246.0 - 216.180.246.255 Private Customer NET-216-180-246-0-24 (NET-216-180-246-0-3) 216.180.246.0 - 216.180.246.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 25 threat reports