IOC Radar
IPMediumSignal 72/100

102.69.144.9

Location
NigeriaNigeria
Lagos, OY
ASN
AS328451
IP Express Ltd
First Seen
Jun 2, 2021
Last Seen
Jun 8, 2026
Jun 2
First Seen
1845d ago
Jun 8
Last Seen
12d ago
10
Reports
source reports
72%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

41 techniques

Network Information

CountryNGNigeria
RegionLagos, OY
ASNAS328451
OrganizationIP Express Ltd

Feed Intelligence Summary

10 reports72% confidence
10
Source reports
72%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney honeypotafricaantispamapplication layer protocolattackattack sourceaustraliaauthentication attemptsauthentication failureauthentication_bypassbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcecisco devicecommand and controlcommunication protocolcompromised credentialscompromised hostconpot honeypotcowriecowrie honeypotcowrie interactionscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase attacksdatabase exploitation attemptdatabase securityddosdecoy systemdevice managementdionaeadionaea honeypotdionaea interactionsdionaea malware analysisdistributed attackselasticpot honeypotelasticsearch monitoringenterprise networkingexploitexploit attemptsexploitationexploitation activityexploited hostfattftpftp brute forceftp brute-forceheralding attack patternhoneytrap honeypothttp brute forcehttp scannerhttp scanningics securityidentity & access exploitationindicatorindustrial control systemsinitial accessinjection activityinjection attacksiot attacksiot device targetingiot securityiot/ics attackipphoney honeypotipv4ipv4 addressipv4_addresslamplamp vulnerability scanlateral movementlog4jmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware distributionmssql scanningnetworknetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork_service_exploitationngnigeriaoceaniap0fpassword attacksphishingphishing attackphishing trapprocess injectionprotocol exploitationpython script activityreconnaissanceredis honeypotremote accessremote access attemptsremote serviceremote servicesremote_accessresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer botnetserver exploitationservice scansftp attacksftp exploitationsip brute forcesip scanningsmb scanningsmtpsocial engineeringspamsql injectionsql injection attemptsshssh attackssh brute-forcessh monitoringt1021t1021.001t1021.004t1040t1041t1046t1055t1059t1059.003t1059.007t1071t1071.001t1076t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566.001t1566.002t1566.003t1566.004t1588.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnettelnet threatthreat actorthreat detectionthreat intelligencetor nodetpotunauthorized login attemptsvnc protocolvoipvoip attackvulnerability scanweb app attackweb application attacksweb attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
Jun 8Jun 8

Threat Activity Heatmap

· Peak: 2026-06-08
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
72
SIGNAL
Signal Score
72%
Confidence
10
Reports
First seenJun 2, 2021
Last seenJun 8, 2026
GeolocationNG
CountryNigeria
LocationLagos, OY
ASNAS328451
OrgIP Express Ltd
Coords7.3886, 3.8961

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=heralding, p0f; threshold?1; private IPs excluded. geo=NG; ports=1080 Location=Sydney, Australia.
raw
inetnum: 102.69.144.0 - 102.69.144.255 netname: IPEXPRESS descr: IP Express Ibadan country: NG admin-c: TO24-AFRINIC admin-c: BRA3-AFRINIC tech-c: TO24-AFRINIC tech-c: BRA3-AFRINIC status: ASSIGNED PA mnt-by: IEL1-MNT source: AFRINIC # Filtered parent: 102.69.144.0 - 102.69.147.255 person: BAMIDELE RICHARD AMIRE address: SUITE 6, REHOBOTH PLAZA MAGAZINE ROAD. JERICHO IBADAN phone: tel:+234-803-481-4324 nic-hdl: BRA3-AFRINIC mnt-by: NIST239-AFRINIC source: AFRINIC # Filtered person: Temitope Odulate address: 1, PSSDC road, Magodo Phase 2 address: Lagos 100001 address: Nigeria phone: tel:+234-703-178-2969 nic-hdl: TO24-AFRINIC mnt-by: GENERATED-OWFB1GHKLYUIC4XU1EFRMZ9Y6CWR0CPA-MNT source: AFRINIC # Filtered route: 102.69.144.0/22 descr: IP-EXPRESS-LTD origin: AS328451 mnt-by: IEL1-MNT source: AFRINIC # Filtered
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 12 days ago
Appeared in 10 threat reports