102.207.1.50 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 102.207.1.50 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 49/100

Host and Network Information

Tags

  • aaaa
  • active related
  • algorithm
  • ascii text
  • available from
  • body
  • ck id
  • classinfobase
  • click
  • cnamazon rsa
  • code
  • copy
  • copy md5
  • copy sha1
  • copy sha256
  • creation date
  • cus oamazon
  • date
  • default
  • directui
  • dnssec
  • domain
  • domain add
  • domain name
  • domain status
  • dynamicloader
  • element
  • email
  • emails
  • entries
  • error
  • general
  • getclassinfoptr
  • high
  • hybrid
  • indicator role
  • insert
  • june
  • key algorithm
  • key info
  • local
  • look
  • m03 validity
  • malware
  • medium
  • mitre att
  • moved
  • movie
  • name servers
  • null
  • number
  • passive dns
  • path
  • pattern match
  • pulse submit
  • pulses url
  • record type
  • refresh
  • registrar
  • registrar abuse
  • registrar url
  • restart
  • search
  • server
  • servers
  • sha1
  • sha256
  • show technique
  • span
  • status
  • strings
  • subject public
  • themida
  • title added
  • tools
  • ttl value
  • united
  • unknown ns
  • url analysis
  • url http
  • url https
  • urls
  • v3 serial
  • verify
  • write
  • write c

MITRE ATT&CK TTPs

  • T1057 - Process Discovery
  • T1060 - Registry Run Keys / Startup Folder
  • T1063 - Security Software Discovery
  • T1071 - Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1113 - Screen Capture
  • T1480 - Execution Guardrails
  • T1568 - Dynamic Resolution

Whois Information

inetnum: 102.207.1.0 - 102.207.1.255 netname: MAF_GPON_FTTH_YOP_RIV_EXT_2 descr: MOOV-AFRICA-CotedIvoire_GPON_FTTH_YOP_RIV_EXT_2 country: CI admin-c: SA150-AFRINIC admin-c: IK19-AFRINIC tech-c: SA150-AFRINIC tech-c: IK19-AFRINIC status: ASSIGNED PA mnt-by: moovci parent: 102.207.0.0 - 102.207.3.255 person: Ibrahima KOUYATE nic-hdl: IK19-AFRINIC address: AVENUE BOTREAU-ROUSSEL, Immeuble Kharrat - Plateau 01 BP 01 2347 ABIDJAN Cote D'ivoire address: Abidjan address: C�te d'Ivoire phone: tel:+225-0102000176 mnt-by: GENERATED-DO1HGCJ9OU4SWPIVY36KEDB4E4K1YCGV-MNT person: Stéphane ADOU address: AVENUE BOTREAU-ROUSSEL, address: Immeuble Kharrat - Plateau 01 BP 01 address: ABIDJAN 2347 address: Cote D'ivoire phone: tel:+225-01-00-04-49 nic-hdl: SA150-AFRINIC mnt-by: GENERATED-3QV3JCTWAE3CQQUZHCXGFBMI5OAESWT9-MNT route: 102.207.1.0/24 origin: AS37190 descr: MOOV-AFRICA-CotedIvoire_GPON_FTTH_YOP_RIV_EXT_2 mnt-by: moovci