IP Intelligence Briefing: 102.223.92.101
Date: 2026-06-06
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership: Registered to Koforidua Technical University (AFRINIC, GH).
- Geolocation: Ghana (Koforidua, 8.1°N, 1.2°W).
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP services).
- Threat Indicators:
- Listed in 3/8 DNSBLs (high severity).
- No known malware campaigns, spam, or Tor activity.
---
**2. Observation History**
- Recent Activity (Last 30 Days):
- DNSBL Listings: 3 high-severity entries (e.g., Spamhaus, Project Honey Pot).
- Geolocation Consistency: Stable Ghanaian origin.
- Network Stability: No ownership changes or persistent malicious behavior.
- Historical Context:
- First observed in May 2026; no prior abuse records.
- Subnet (102.223.92.0/23) shows 0 abuse density.
---
**3. Relationships & Network Context**
- Linked Entities:
- Same network as ORG-KTU1-AFRINIC (Koforidua Technical University).
- Subnet Analysis:
- 102.223.92.101/24 is clean, with 0 malicious neighbors.
- Total siblings: 1 (no active threats).
---
**4. Threat & Risk Assessment**
- Likelihood of Malicious Activity: Low.
- DNSBL Risk: Moderate (3/8 listings, but no recent exploitation indicators).
- Geographic Context: Educational institution in Ghana; no ties to known malicious regions.
---
**5. Recommended Actions**
1. Monitor DNSBL Status: Track changes in spam or abuse listings.
2. Network Segmentation: Ensure isolation from internal systems, given the firewalled state.
3. Verify Ownership: Confirm Koforidua Technical Universityβs control over the IP to rule out spoofing.
4. Baseline Traffic: Establish normal traffic patterns to detect anomalies.
---
Conclusion:
The IP is associated with a Ghanaian educational institution and shows no immediate malicious activity. While DNSBL listings suggest potential spam risks, the subnet is clean, and there is no evidence of ongoing exploitation. SOC teams should monitor for changes in reputation and ensure network segmentation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Koforidua Technical University |
| ASN | AS328647 |
| Network Name | ORG-KTU1-AFRINIC |
| CIDR Block | 102.223.92.0/23 |
| RIR | AFRINIC |
| Country | GH |
| Abuse Contact | β |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 16% | 9 | 10 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 09:39:28 UTC |
| Last Seen | 2026-06-26 18:10:10 UTC |
| Profile Built | 2026-06-26 15:49:58 UTC |
| Data Freshness | Live |
| Signal Types | 14 |
| Total Observations | 14 |
Full dossier details are available via our API.