IOC Radar
IP · Medium · Signal 82/100

87.106.143.220

Location: United Kingdom (Worcester, England)
ASN: AS8560 (IONOS SE)
First Seen: Jan 16, 2026 (148d ago)
Last Seen: May 27, 2026 (16d ago)
Reports: 14 source reports
Confidence: 82% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

55 techniques

Network Information

Country: GB (United Kingdom)
Region: Worcester, England
ASN: AS8560
Organization: IONOS SE

Feed Intelligence Summary

Source reports: 14
Confidence score: 82%

Activity Timeline

1 total observation: May 27

Threat Activity Heatmap

Peak: 2026-05-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: 82 (High Risk)
Signal Score: 82
Confidence: 82%
Reports: 14
First seen: Jan 16, 2026
Last seen: May 27, 2026
Geolocation: GB
Country: United Kingdom
Location: Worcester, England
ASN: AS8560
Org: IONOS SE
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

inetnum: 87.106.143.0 - 87.106.143.255
netname: gb-wtr-ionos-cloud-bhx1
descr: IONOS SE
country: GB
admin-c: IPAD-RIPE
tech-c: IPOP-RIPE
status: ASSIGNED PA
mnt-by: AS8560-MNT
created: 2024-10-10T12:46:25Z
last-modified: 2025-10-08T16:16:31Z
source: RIPE

role: IP Administration
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPAD-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-20T17:24:09Z
last-modified: 2025-09-26T12:26:46Z
source: RIPE # Filtered

role: IP Operations
address: IONOS SE
admin-c: SH15342-RIPE
tech-c: SH15342-RIPE
mnt-ref: AS8560-MNT
nic-hdl: IPOP-RIPE
abuse-mailbox: [email protected]
mnt-by: AS8560-MNT
created: 2009-05-28T16:25:04Z
last-modified: 2025-09-26T12:26:44Z
source: RIPE # Filtered

route: 87.106.143.0/24
descr: IONOS SE
origin: AS8560
mnt-by: AS8560-MNT
created: 2025-10-08T16:30:18Z
last-modified: 2025-10-08T16:30:18Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://threatfox.abuse.ch

IOC Journey

medium
First detected 4 months ago · Last seen 16 days ago
Appeared in 14 threat reports