IOC Radar
IP · Medium · Signal 71/100

102.223.221.71

Location: Pointe-Noire, Pointe-Noire, Congo
ASN: AS327829 (SKYTIC)
First Seen: Jul 13, 2024 (698d ago)
Last Seen: Jan 24, 2026 (138d ago)
Reports: 8 source reports
Confidence: 71% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: Congo (CG)
Region: Pointe-Noire, Pointe-Noire
ASN: AS327829
Organization: SKYTIC

Feed Intelligence Summary

Source reports: 8
Confidence score: 71%
Category tags
active scanning, adbhoney honeypot, antispam, attack, botnet, brute force, brute force attack, brute force attacks, brute_force, cg, cisco device, command and control, communication protocol, compromised credentials, congo, conpot honeypot, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, database attacks, database exploitation attempt, database security, decoy system, device management, dionaea honeypot, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, ftp, ftp brute force, ftp brute-force, ftp_bruteforce, heralding attack pattern, honeytrap honeypot, http scanner, http_scan, https_scan, ics security, indicator, industrial control systems, initial access, iot attacks, iot device targeting, iot/ics attack, ipphoney honeypot, lamp, lateral movement, log4j, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network attack attempts, network enumeration, network infrastructure, network intrusion attempts, network scanning, network security, network service scanning, north america, password attacks, phishing, phishing attack, phishing trap, possible botnet activity, process injection, protocol exploitation, python script activity, reconnaissance, redis honeypot, remote access, remote services, researched, resource hijacking, scanner, scripting attacks, sentrypeer botnet, sftp attack, sip brute force, sip scanning, social engineering, spam, sql injection attempt, ssh attack, ssh brute-force, ssh monitoring, ssh_bruteforce, t1021, t1021.001, t1040, t1041, t1046, t1055, t1059, t1059.007, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, telnet threat, telnet_bruteforce, threat actor, threat detection, threat intelligence, unauthorized access, unauthorized access attempt, united states, voip, voip attack, web attack, web application attacks, web exploitation, web traffic

Activity Timeline

1 total obs, Jan 24

Threat Activity Heatmap

[Heatmap figure: daily activity by weekday, Jun through Jun. Peak: 2026-01-24]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 71
Confidence: 71%
Reports: 8
First seen: Jul 13, 2024
Last seen: Jan 24, 2026
Geolocation: CG
Country: Congo
Location: Pointe-Noire, Pointe-Noire
ASN: AS327829
Org: SKYTIC
Coords: -1.0000, 15.0000

VirusTotal

Not checked

WHOIS

description
2025-07-05T08:40:33.390Z Honeypot : Heralding : Source: 102.223.221.71 : Username/Password: aDmIN/123456 Port: 1080 Message: 2025-07-05 08:40:33.390796,67ea6cbf-e318-45bd-ad74-9189617d774c,26ff1d41-4830-40ca-ac39-5c40a4d5157f,102.223.221.71,59919,99.18.26.21,1080,socks5,aDmIN,123456,
raw
inetnum: 102.223.221.64 - 102.223.221.127
netname: ROFA-LNC-LVC-MW
descr: ROFA-LNC-LVC-MW
country: CG
admin-c: RM84-AFRINIC
tech-c: RM84-AFRINIC
status: ASSIGNED PA
mnt-by: SKYTIC-MNT
source: AFRINIC # Filtered
parent: 102.223.220.0 - 102.223.223.255

person: Renauldit MAUNE
nic-hdl: RM84-AFRINIC
address: 216 Avenue Ngueli-ngueli, Wharf
address: Postal Code: 235
address: Ponit-Noire
address: Congo
address: Pointe Noire 235
address: Congo (the)
phone: tel:+242-05-201-6192
mnt-by: GENERATED-IYV6LXRFXSORKTU9N7SBQOCCRYPYORPB-MNT
source: AFRINIC # Filtered

route: 102.223.220.0/22
descr: SKYTIC Route Object
origin: AS327829
mnt-by: SKYTIC-MNT
source: AFRINIC # Filtered
references
https://github.com/telekom-security/tpotce


IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 8 threat reports