IOC Radar
IP · Medium · Signal 32/100

54.36.148.34

Location: France (Roubaix, Hauts-de-France)
ASN: AS16276 (OVH)
First Seen: Mar 20, 2021 (1919d ago)
Last Seen: Apr 11, 2026 (71d ago)
Reports: 13 source reports
Confidence: 32% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 32%
Signal Score: 32 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 34 techniques

Network Information

Country: FR (France)
Region: Roubaix, Hauts-de-France
ASN: AS16276
Organization: OVH

Feed Intelligence Summary

Source reports: 13
Confidence score: 32%
Category tags: abuse, active scan, active scanning, ahrefs-benign, attack, bad reputation, bad web bot, banking, bening, bening scanner, botnet, botnet activity, brute force, brute force attack, brute force attempt, cisco attack, cisco device, cisco device targeting, command and control, communication protocol, cowrie activity, cowrie honeypot, credential access, credential harvesting, credential stuffing, credit card services, data exfiltration, data store exposure, database attack, ddos, decoy system, denial of service, device management, dionaea activity, dionaea capture, dionaea honeypot, distributed attacks, enterprise networking, europe, exploitation activity, finance, finance and insurance, financial services, financial technology, fr, france, ftp brute force, hacking, heralding behavior, honeytrap honeypot, identity & access exploitation, indicator, injection activity, lamp, lamp attack, lamp stack targeting, mailoney honeypot, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, network, network infrastructure, network intrusion, network probing, network scanning, network security, password attacks, payment processing, phishing, phishing attack, phishing trap, process injection, reconnaissance, researched, resource hijacking, scanner, scanning activity, scripting attacks, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sftp activity, sftp attack, sip brute force, sip scanning, social engineering, ssh attack, ssh monitoring, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1059.007, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, threat actor, threat detection, threat intelligence, tor node, tpot, tpotce, tsec, unauthorized access attempt, verified-benign, voip, voip attack, wealth management, web application attack, web attack, web exploitation, web scanner

Activity Timeline

1 total obs (Apr 11 to Apr 11)

Threat Activity Heatmap

Peak: 2026-04-11
[Heatmap: activity by weekday, Jun through Jun, shaded from Less to More]
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 1 (Minimal)
Threat Score: 32 (Low Risk)
Geolocation: FR
Coords: 48.8582, 2.3387

VirusTotal

Not checked

WHOIS

description
2025-04-04T04:46:42.674Z Honeypot : Tanner : Source: 54.36.148.34 : Port: 80 Post Data: {'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '7afb747c-a001-4b9a-a1f6-9f7eec2218a2'}}, 'version': '0.6.0'}
raw

inetnum: 54.36.148.0 - 54.36.151.255
netname: OVH-DEDICATED-FO
country: FR
descr: Failover IPs
org: ORG-OS3-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2017-09-21T07:52:45Z
last-modified: 2017-09-21T07:52:45Z
source: RIPE

organisation: ORG-OS3-RIPE
org-name: OVH SAS
country: FR
org-type: LIR
address: 2 rue Kellermann
address: 59100
address: Roubaix
address: FRANCE
phone: +33972101007
admin-c: OTC2-RIPE
admin-c: OK217-RIPE
admin-c: GM84-RIPE
abuse-c: AR15333-RIPE
mnt-ref: OVH-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: OVH-MNT
created: 2004-04-17T11:23:17Z
last-modified: 2020-12-16T10:24:51Z
source: RIPE # Filtered

role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: [email protected]
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE # Filtered

route: 54.36.0.0/16
origin: AS16276
mnt-by: OVH-MNT
created: 2017-10-06T07:57:47Z
last-modified: 2017-10-06T07:57:47Z
source: RIPE
references
https://github.com/telekom-security/tpotce, counter.txt


IOC Journey

medium
First detected 5 years ago · Last seen 2 months ago
Appeared in 13 threat reports