IP · Medium · Signal 70/100
196.28.242.198
Location
Ouagadougou, Centre
ASN
AS25543
Onatel Burkina Faso
First Seen
Sep 5, 2024
Last Seen
Jun 5, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Network Information
Country
Burkina Faso
Region: Ouagadougou, Centre
ASN: AS25543
Organization: Onatel Burkina Faso
IP Category
VPN
VPN exit node
Feed Intelligence Summary
27
Source reports
70%
Confidence score
Activity Timeline
Jun 5
Threat Activity Heatmap
Peak: 2026-06-05
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
Signal Score: 70
Confidence: 70%
Reports: 27
First seen: Sep 5, 2024
Last seen: Jun 5, 2026
Geolocation: BF
Country: Burkina Faso
Location: Ouagadougou, Centre
ASN: AS25543
Org: Onatel Burkina Faso
Coords: 12.3714, -1.5197
VPN
VirusTotal
Not checked
WHOIS
- description
- Banned by Fail2Ban [sshd]
- raw
  inetnum: 196.28.240.0 - 196.28.242.255
  netname: ONDT1-20071215
  descr: ONATEL
  descr: ADSL connectivity Provider
  country: BF
  admin-c: CD4-AFRINIC
  admin-c: EG4-AFRINIC
  admin-c: TAM1-AFRINIC
  tech-c: CD4-AFRINIC
  tech-c: EG4-AFRINIC
  tech-c: TAM1-AFRINIC
  status: ASSIGNED PA
  mnt-by: LIR-BF-ONATEL-MNT
  mnt-lower: LIR-BF-ONATEL-MNT
  source: AFRINIC # Filtered
  parent: 196.28.240.0 - 196.28.255.255

  person: COULIBALY Drissa
  nic-hdl: CD4-AFRINIC
  address: ONATEL
  address: Ouagadougou 01
  address: BF
  address: OUAGADOUGOU
  address: Burkina Faso
  phone: tel:+226-70-20-13-37
  mnt-by: GENERATED-SJSALMQKUERH2IBAKLPL4RY2VMSRTWIY-MNT
  source: AFRINIC # Filtered

  person: Emmanuel GUIGMA
  nic-hdl: EG4-AFRINIC
  address: ONATEL, 01 P.O. BOX 10 000
  address: Ouagadougou 01
  address: Burkina Faso
  address: OUAGADOUGOU 01 BP 10000
  address: Burkina Faso
  phone: tel:+226-70-20-13-38
  fax-no: tel:+226-50-31-53-86
  mnt-by: GENERATED-YRL5EUYQFWVVXA2SGBQTXHJKH1RZJO92-MNT
  source: AFRINIC # Filtered

  person: TRAORE Abdoul Malick
  address: ONATEL
  address: Ouagadougou 01
  address: BF
  phone: tel:+226-70-20-13-68
  nic-hdl: TAM1-AFRINIC
  mnt-by: GENERATED-MZI0EIGW90NRQ5RAMRJHZ2E5TQ4UMPXJ-MNT
  source: AFRINIC # Filtered

  route: 196.28.242.0/24
  descr: route object ONATEL BURKINA FASO
  origin: AS25543
  mnt-by: FasoNet-SECURITY-MNT
  source: AFRINIC # Filtered
- references
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
- https://github.com/tankmek/threatfeed
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://redpiranha.net
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 14 days ago
Appeared in 27 threat reports