IOC Radar
IP · Medium · Signal 24/100

54.36.148.116

Location: France (Roubaix, Hauts-de-France)
ASN: AS16276 (OVH)
First Seen: Oct 13, 2020 (2069d ago)
Last Seen: Apr 7, 2026 (67d ago)
Reports: 11 source reports
Confidence: 24% (medium)
VirusTotal: 1/91 detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 24%
Signal Score: 24 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: FR (France)
Region: Roubaix, Hauts-de-France
ASN: AS16276
Organization: OVH

Feed Intelligence Summary

Source reports: 11
Confidence score: 24%
Category tags: active scan, active scanning, adbhoney activity, adbhoney honeypot, ahrefs-benign, attack, bad web bot, bening, bening scanner, botnet, botnet activity, brute force, brute force attack, command and control, communication protocol, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, ddos, decoy system, denial of service, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, europe, exploitation activity, fr, france, ftp brute force, honeytrap activity, honeytrap honeypot, identity & access exploitation, indicator, injection activity, lamp, lamp attack, lamp stack attack, mailoney activity, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network security, password attacks, phishing, phishing attack, phishing trap, process injection, reconnaissance, researched, resource hijacking, scanner, scripting attacks, sentrypeer activity, sentrypeer botnet, sftp activity, sftp attack, sip scanning, social engineering, ssh attack, ssh monitoring, t1040, t1041, t1055, t1059, t1059.004, t1059.007, t1071.001, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner attack, telecommunications, threat actor, threat detection, threat intelligence, tor node, tpotce, verified-benign, voip, voip attack, web application attack, web attack, web exploitation

Activity Timeline

1 total obs (Apr 7)

Threat Activity Heatmap

Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: 24 (Low Risk)
Signal Score: 24
Confidence: 24%
Reports: 11
First seen: Oct 13, 2020
Last seen: Apr 7, 2026
Geolocation: FR
Country: France
Location: Roubaix, Hauts-de-France
ASN: AS16276
Org: OVH
Coords: 48.8582, 2.3387

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

description
2025-02-12T11:19:04.474Z Honeypot : Tanner : Source: 54.36.148.116 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': 'c63bf1b5-2a47-4284-b77a-ae2058cf5ea0', 'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}}}}
raw
inetnum: 54.36.148.0 - 54.36.151.255
netname: OVH-DEDICATED-FO
country: FR
descr: Failover IPs
org: ORG-OS3-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2017-09-21T07:52:45Z
last-modified: 2017-09-21T07:52:45Z
source: RIPE

organisation: ORG-OS3-RIPE
org-name: OVH SAS
country: FR
org-type: LIR
address: 2 rue Kellermann
address: 59100
address: Roubaix
address: FRANCE
phone: +33972101007
admin-c: OTC2-RIPE
admin-c: OK217-RIPE
admin-c: GM84-RIPE
abuse-c: AR15333-RIPE
mnt-ref: OVH-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: OVH-MNT
created: 2004-04-17T11:23:17Z
last-modified: 2020-12-16T10:24:51Z
source: RIPE # Filtered

role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: [email protected]
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE # Filtered

route: 54.36.0.0/16
origin: AS16276
mnt-by: OVH-MNT
created: 2017-10-06T07:57:47Z
last-modified: 2017-10-06T07:57:47Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://github.com/conexioninversa/MalwareIntel/blob/main/MaliciousIP.txt, counter.txt


IOC Journey

medium
First detected 5 years ago · Last seen 2 months ago
Appeared in 11 threat reports