IOC Radar
IPv4 indicator · Medium · Signal 68/100

102.216.68.56

Location: Nairobi, Nairobi County, Kenya
ASN: AS36926 (Airtel KE Mobile Broadband 4G & Fixed Enterprise Services)
First seen: Mar 12, 2024 (831 days before page capture)
Last seen: Feb 19, 2026 (121 days before page capture)
Reports: 7 source reports
Confidence: 68% (medium)

Found in 7 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: IPv4 address (network-layer indicator observed in threat reports)
MISP category: Network Activity
Confidence: 68%
Signal score: 68 / 100
IDS rule: No
Threat Context

Tags: carried as category tags in the Feed Intelligence Summary below.

MITRE ATT&CK TTPs: 39 techniques (the 39 technique IDs present in the category tags, grouped with their parent technique):
T1021, T1021.001, T1021.002, T1021.004; T1040; T1041; T1046; T1055; T1059, T1059.003, T1059.004, T1059.007; T1071, T1071.001; T1078; T1110, T1110.001, T1110.002, T1110.003, T1110.004; T1133; T1190; T1203; T1204.002; T1486; T1496; T1499.001, T1499.002, T1499.003; T1505.002; T1565; T1566.001, T1566.002, T1566.003, T1566.004; T1595, T1595.001, T1595.002, T1595.003

Network Information

Country: KE (Kenya)
Region: Nairobi, Nairobi County
ASN: AS36926
Organization: Airtel KE Mobile Broadband 4G & Fixed Enterprise Services

Feed Intelligence Summary

Source reports: 7
Confidence score: 68%

Category tags (as carried by the feed, alphabetical):
active scanning, adbhoney honeypot, africa, attack, attacker ips, australia, authentication abuse, authentication attack, authentication attempts, authentication bypass, automated attack, botnet, brute force, brute force attack, brute force attacks, brute force attempts, brute_force, cisco device, cisco exploitation attempts, command and control, command injection, communication protocol, compromised credentials, connected devices, conpot honeypot, cowrie honeypot, cowrie interactions, credential access, credential attack, credential harvesting, credential stuffing, credential-attack, cve scan, data exfiltration, database attack, database security, database-service, ddos, ddos attack, decoy system, device management, dionaea honeypot, dionaea interactions, dionaea malware analysis, distributed attacks, dns, elasticpot honeypot, elasticsearch monitoring, enterprise networking, exploit, exploit attempts, exploit kit activity, exploitation attempts, exploitation-attempt, external threat, fatt, ftp, ftp attacks, ftp brute force, ftp_bruteforce, heralding attack pattern, honeytrap honeypot, http brute force, http scanner, http/s, http_scan, https_scan, ics security, ics/scada protocols, indicator, indicators of compromise, industrial control systems, industrial iot, initial access, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot platforms, iot security, iot/ics attack, ipv4, ipv4 attacks, kenya, lamp, lamp stack targeted, lamp stack targeting, lateral movement, linux-server, login attack, mailoney honeypot, malicious activity, malicious payload detection, malicious software, malicious-activity, malware, malware behaviour, malware capture, malware delivery, malware distribution, network, network activity, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, network-based attack attempts, network-device, north america, oceania, p0f, password attack, password attacks, phishing, phishing attack, phishing trap, port-scan, possible botnet activity, possible malware propagation, process injection, protocol exploitation, python script activity, rdp attacks, reconnaissance, remote access, remote login, remote services, researched, resource hijacking, scada, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, server exploitation, sftp attacks, sip attacks, sip brute force, sip scanning, smart devices, smtp, smtp attacks, smtp brute force, social engineering, spam, sql injection, sql injection attempt, ssh attack, ssh attacks, ssh monitoring, ssh_bruteforce, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, telnet attacks, telnet threat, telnet_bruteforce, threat actor, threat actor activity, threat detection, threat intelligence, threat intelligence feed, tpot, tpotce, unauthorized access attempt, unauthorized login, united states, vnc protocol, voip, voip attack, web attack, web exploitation, web shell attempt, web traffic, web-service

Activity Timeline

1 total observation plotted, on Feb 19 (2026).

Threat Activity Heatmap

[Calendar heatmap, Jun through the following Jun, weekday rows Mon/Wed/Fri; peak: 2026-02-19; no other cells populated]

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 68 (Medium Risk)
Signal score: 68
Confidence: 68%
Reports: 7
First seen: Mar 12, 2024
Last seen: Feb 19, 2026
Geolocation: KE (Kenya), Nairobi, Nairobi County
ASN: AS36926
Org: Airtel KE Mobile Broadband 4G & Fixed Enterprise Services
Coords: 0.0000, 0.0000 (placeholder value; 0,0 lies in the Gulf of Guinea, not Nairobi, so no coordinates were actually resolved for this address)

VirusTotal

Not checked

WHOIS

Description (source report, Heralding honeypot, 2025-07-05T11:39:33.712Z):
Source: 102.216.68.56:45367
Destination: 99.18.26.19:1080 (socks5)
Username/Password: adminsis / n0=acc3ss
Raw record: 2025-07-05 11:39:33.712120,c077d774-8020-4b2f-8efb-3a49626c5a41,fac5627a-8cb4-45ed-a320-a91333051d98,102.216.68.56,45367,99.18.26.19,1080,socks5,adminsis,n0=acc3ss,

Raw WHOIS (AFRINIC):
inetnum: 102.216.68.0 - 102.216.69.255
netname: Mobile_Broadband_4G
descr: Mobile_Broadband_4G
country: KE
admin-c: AM125-AFRINIC
tech-c: JK36-AFRINIC
status: ASSIGNED PA
mnt-by: AIRTEL-KE
source: AFRINIC # Filtered
parent: 102.216.68.0 - 102.216.71.255

person: Albert Mungai
nic-hdl: AM125-AFRINIC
address: Parkside Towers, Mombasa Road
address: Mombasa Road
address: Nairobi Kenya
address: Nairobi
address: Other
phone: tel:+254-733-678477
mnt-by: GENERATED-TWSEHXIROAVZW6TGQEXQQBAOWG67HRLQ-MNT
source: AFRINIC # Filtered

person: John Kiama
nic-hdl: JK36-AFRINIC
address: Airtel Networks Kenya Limited
address: Nairobi
address: Other
phone: tel:+254-733-333313
mnt-by: GENERATED-M5XUAZN3PGEU96XFQGSMU04J3RR8EVGQ-MNT
source: AFRINIC # Filtered

route: 102.216.68.0/22
descr: Airtel KE Mobile Broadband_4G & Fixed Enterprise Services IP Block
origin: AS36926
mnt-by: AIRTEL-KE
source: AFRINIC # Filtered

The netname (Mobile_Broadband_4G) marks this /22 as a mobile-broadband pool, where a single address is commonly shared or reassigned between subscribers; a long-lived block on the /32 alone is therefore of limited value and may hit unrelated users.

References:
https://github.com/telekom-security/tpotce
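To turn a Heralding record like the one above into something a SOC can act on, the following added Python example (not code from this page, nor from the tpotce or Heralding projects) parses Heralding-style auth-log CSV lines, picks out sightings of the IOC and buckets them into the 24h/7d/30d/3mo windows this page reports. The column order is assumed from the layout of Heralding's log_auth.csv; the two extra log lines and the reference time are constructed for illustration, and "3mo" is approximated as 90 days.

```python
"""Parse Heralding honeypot auth-log lines, select sightings of one IOC and
bucket them into activity windows (24h / 7d / 30d / 3mo).
Added example; not code from the IOC Radar page or the tpotce project."""
import csv
import io
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Column order of Heralding's log_auth.csv. Assumed from the honeypot's file
# logger layout; check the header row of your own deployment before relying on it.
HERALDING_FIELDS = (
    "timestamp", "auth_id", "session_id", "source_ip", "source_port",
    "destination_ip", "destination_port", "protocol", "username", "password",
)

# Window lengths; "3mo" is approximated as 90 days (assumption).
WINDOWS = {"24h": timedelta(hours=24), "7d": timedelta(days=7),
           "30d": timedelta(days=30), "3mo": timedelta(days=90)}


@dataclass(frozen=True)
class AuthEvent:
    timestamp: datetime
    source_ip: str
    source_port: int
    destination_ip: str
    destination_port: int
    protocol: str
    username: str
    password: str


def parse_heralding_line(line: str) -> AuthEvent:
    """Parse one CSV record. Raises ValueError on too few fields or a malformed IP."""
    row = [f.strip() for f in next(csv.reader(io.StringIO(line.strip())))]
    if len(row) < len(HERALDING_FIELDS):
        raise ValueError(f"expected {len(HERALDING_FIELDS)} fields, got {len(row)}")
    rec = dict(zip(HERALDING_FIELDS, row))  # a trailing empty field is ignored
    raw_ts = rec["timestamp"]
    fmt = "%Y-%m-%d %H:%M:%S.%f" if "." in raw_ts else "%Y-%m-%d %H:%M:%S"
    ts = datetime.strptime(raw_ts, fmt).replace(tzinfo=timezone.utc)
    # ip_address() raises ValueError on garbage, so a corrupt line cannot
    # silently become a "sighting" of something that is not an address.
    src = str(ipaddress.ip_address(rec["source_ip"]))
    dst = str(ipaddress.ip_address(rec["destination_ip"]))
    return AuthEvent(ts, src, int(rec["source_port"]), dst,
                     int(rec["destination_port"]), rec["protocol"].lower(),
                     rec["username"], rec["password"])


def sightings(events, ioc_ip: str):
    """Events whose source address equals the IOC (compared as parsed addresses)."""
    target = ipaddress.ip_address(ioc_ip)
    return [e for e in events if ipaddress.ip_address(e.source_ip) == target]


def activity_windows(events, now: datetime):
    """Count sightings per window; an empty window is labelled 'Dormant' as on the page."""
    out = {}
    for name, span in WINDOWS.items():
        n = sum(1 for e in events if now - span <= e.timestamp <= now)
        out[name] = (n, "Dormant" if n == 0 else "Active")
    return out


# Constructed sample: the first line is the record quoted on the page; the
# other two are made up (a later hit from the same IOC, and an unrelated source).
SAMPLE_LOG = """\
2025-07-05 11:39:33.712120,c077d774-8020-4b2f-8efb-3a49626c5a41,fac5627a-8cb4-45ed-a320-a91333051d98,102.216.68.56,45367,99.18.26.19,1080,socks5,adminsis,n0=acc3ss,
2025-07-15 02:10:00.000000,11111111-1111-1111-1111-111111111111,22222222-2222-2222-2222-222222222222,102.216.68.56,51002,99.18.26.19,22,ssh,root,123456,
2025-07-15 02:11:00.000000,33333333-3333-3333-3333-333333333333,44444444-4444-4444-4444-444444444444,198.51.100.7,40000,99.18.26.19,23,telnet,admin,admin,
"""


def demo():
    """Parse the sample, keep sightings of the page's IOC, bucket them by window."""
    events = [parse_heralding_line(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    hits = sightings(events, "102.216.68.56")
    now = datetime(2025, 7, 16, 0, 0, tzinfo=timezone.utc)  # constructed reference time
    return hits, activity_windows(hits, now)


if __name__ == "__main__":
    hits, windows = demo()
    for h in hits:
        print(h.timestamp.isoformat(), h.protocol, h.destination_port, h.username, h.password)
    print(windows)
```

Feeding real Heralding output to `parse_heralding_line` line by line (skipping the header row) and a real clock to `activity_windows` reproduces the page's window counters for any IOC; the strict address parsing is deliberate so that a truncated or mangled log line fails loudly instead of producing a phantom sighting.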


IOC Journey

Confidence: medium. First detected 2 years ago; last seen 4 months ago. Appeared in 7 threat reports.