IOC Radar
IP · Medium · Signal 58/100

80.67.167.81

Location: France (Paris, Île-de-France)
ASN: AS2027 (MilkyWan)
First Seen: Aug 26, 2020
Last Seen: Jun 10, 2026
Reports: 54 source reports
Confidence: 58% (medium)
Found in 54 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 103 techniques

Network Information

Country: FR (France)
Region: Paris, Île-de-France
ASN: AS2027
Organization: MilkyWan

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 54
Confidence score: 58%

Activity Timeline

1 total observation (Jun 10 to Jun 10)

Threat Activity Heatmap

[Heatmap: daily threat activity by weekday, Jun through Jun; scale from Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 58 (Medium Risk)
Coords: 48.8558, 2.3494
IP category: Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 80.67.167.0 - 80.67.167.255
netname: MILKYWAN-NET
descr: Association MilkyWan
country: FR
org: ORG-MA1574-RIPE
admin-c: HDLM-RIPE
tech-c: HDLM-RIPE
status: ASSIGNED PA
mnt-by: Gitoyen-NCC
mnt-domains: Gitoyen-NCC
mnt-domains: MILKYWAN-MNT
mnt-routes: Gitoyen-NCC
mnt-routes: MILKYWAN-MNT
created: 2018-08-23T15:18:01Z
last-modified: 2020-12-05T15:02:07Z
source: RIPE # Filtered

organisation: ORG-MA1574-RIPE
org-name: MilkyWan Association
country: FR
org-type: LIR
address: 4B Square Edouard Mouriquand
address: 69009
address: Lyon
address: FRANCE
phone: +33782708799
admin-c: HDLM-RIPE
tech-c: HDLM-RIPE
abuse-c: AC35343-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MILKYWAN-MNT
mnt-ref: MILKYWAN-MNT
mnt-ref: APPLIWAVE-MNT
mnt-ref: Gitoyen-NCC
created: 2019-05-03T10:05:27Z
last-modified: 2022-07-11T12:52:27Z
source: RIPE # Filtered

person: Hugues Voiturier
address: 4 Bis Square Edouard Mouriquand, 69009 Lyon
phone: +33123456789
nic-hdl: HDLM-RIPE
mnt-by: HDLM-MNT
created: 2018-05-10T21:33:00Z
last-modified: 2020-08-01T08:31:34Z
source: RIPE

route: 80.67.167.0/24
descr: Route to MilkyWan
origin: AS2027
mnt-by: GITOYEN-NCC
created: 2022-03-07T02:14:12Z
last-modified: 2022-03-07T02:14:12Z
source: RIPE

route: 80.67.167.0/24
descr: Route to MilkyWan
origin: AS57199
org: ORG-MA1336-RIPE
mnt-by: GITOYEN-NCC
created: 2018-08-24T07:43:42Z
last-modified: 2018-08-24T07:43:42Z
source: RIPE

organisation: ORG-MA1336-RIPE
org-name: MilkyWan
org-type: OTHER
address: 4B Square Edouard Mouriquand 69009 LYON FRANCE
abuse-c: AC35343-RIPE
mnt-ref: MILKYWAN-MNT
mnt-by: MILKYWAN-MNT
created: 2018-01-24T20:29:28Z
last-modified: 2018-11-16T13:27:43Z
source: RIPE # Filtered

