IOC Radar
IP · Medium · Signal 65/100

203.55.81.1

Location: France (Paris, Île-de-France)
ASN: AS213873 (MOJI)
First Seen: Sep 9, 2025 (287d ago)
Last Seen: Jun 23, 2026 (today)
Reports: 37 source reports
Confidence: 65% (medium)
Found in 37 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

104 techniques

Network Information

Country: FR (France)
Region: Paris, Île-de-France
ASN: AS213873
Organization: MOJI

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 37
Confidence score: 65%
Category tags

Activity Timeline

1 total obs
Jun 23 to Jun 23

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 37
First seen: Sep 9, 2025
Last seen: Jun 23, 2026
Geolocation: FR
Country: France
Location: Paris, Île-de-France
ASN: AS213873
Org: MOJI
Coords: 48.8708, 2.3426
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw

inetnum: 203.55.81.0 - 203.55.81.127
netname: FR-MOJI-20250408
org: ORG-MS374-RIPE
country: FR
admin-c: NOC293-RIPE
tech-c: NOC293-RIPE
mnt-domains: MNT-MOJI
mnt-lower: MNT-MOJI
mnt-routes: MNT-MOJI
status: ASSIGNED PA
mnt-by: lir-fr-julesd-1-MNT
created: 2025-04-08T10:54:04Z
last-modified: 2025-04-08T10:54:04Z
source: RIPE

organisation: ORG-MS374-RIPE
org-name: MOJI SAS
country: FR
org-type: LIR
address: 9, rue des Pavillons
address: 92000
address: Nanterre
address: FRANCE
phone: +33185090190
admin-c: NOC293-RIPE
tech-c: NOC293-RIPE
abuse-c: AR33976-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-MOJI
mnt-ref: lir-fr-julesd-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-MOJI
created: 2015-10-26T10:13:30Z
last-modified: 2025-04-08T10:51:15Z
source: RIPE # Filtered

person: Network Operating Center
address: 189, rue de Suresnes, Nanterre, France
phone: +33185090190
nic-hdl: NOC293-RIPE
mnt-by: MOJINOC-MNT
created: 2019-07-31T11:38:21Z
last-modified: 2019-07-31T11:38:21Z
source: RIPE

route: 203.55.81.0/24
org: ORG-MS374-RIPE
origin: AS213873
mnt-by: MNT-MOJI
created: 2025-06-24T09:57:58Z
last-modified: 2025-06-24T09:57:58Z
source: RIPE
references
https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 9 months ago · Last seen today
Appeared in 37 threat reports