IP · Medium · Signal 46/100
94.156.65.5
Location
Canary Wharf, 16
ASN
AS208893
Sparks Communications LTD
First Seen
Jun 5, 2024
Last Seen
Apr 15, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Network Information
Country
United Kingdom
Region
Canary Wharf, 16
ASN
AS208893
Organization
Sparks Communications LTD
Feed Intelligence Summary
Source reports
12
Confidence score
46%
Category tags
abuse, active scan, asia, attack, bad reputation, botnet, botnet activity, brute force, bulgaria, c2, c2 communication, c2 ip, china, cobalt, cobalt strike, cobaltstrike, command & control, command and control, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store exposure, decoy system, distributed attacks, empire c2, europe, exploitation activity, feed, feed malware, feeds agent, feeds malicious, gh0strat, huameng academy, huameng academy related, hvv, identity & access exploitation, indicator, info, information technology, injection activity, intrusion detection, iocs, it infrastructure, malicious activity, malicious domains, malicious ips, malicious software, malware, malware distribution, network, network security, phishing, phishing attack, possible malware activity, possible poshc2, potential malware communication, process injection, ransomware, remote access trojan, researched, scanner, security operations, social engineering, software development, ssh attack, ssh monitoring, strong, t1005, t1016, t1016.001, t1020, t1027, t1040, t1041, t1055, t1059, t1059.001, t1059.004, t1071, t1071.001, t1078, t1078.004, t1083, t1105, t1110.002, t1190, t1204, t1204.002, t1218, t1218.011, t1486, t1496, t1499.001, t1499.002, t1499.003, t1547, t1547.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1568, t1568.002, t1569.002, t1573, t1573.001, threat actor, threat intelligence, tor node, united kingdom, us
Activity Timeline
Apr 15
Threat Activity Heatmap
Peak: 2026-04-15
24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Threat Score
Medium Risk
Signal Score
46
Confidence
46%
Reports
12
First seen
Jun 5, 2024
Last seen
Apr 15, 2026
Geolocation
GB
Country
United Kingdom
Location
Canary Wharf, 16
ASN
AS208893
Org
Sparks Communications LTD
Coords
42.6270, 24.7995
VirusTotal
Not checked
WHOIS
- description
- CC=BG ASN=AS31420 terasyst ltd
- raw
- inetnum: 94.156.64.0 - 94.156.65.255
  netname: IL-SPARKS-20080827
  country: GB
  org: ORG-SCL108-RIPE
  admin-c: SA44084-RIPE
  tech-c: SA44084-RIPE
  status: ALLOCATED PA
  mnt-by: lir-il-sparks-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  created: 2025-09-02T11:20:01Z
  last-modified: 2025-09-03T21:17:09Z
  source: RIPE
  organisation: ORG-SCL108-RIPE
  org-name: SPARKS COMMUNICATIONS LTD
  country: IL
  org-type: LIR
  address: Emmek Yizrael 5 St
  address: 5592705
  address: Ganny Tikva
  address: ISRAEL
  phone: +359 88 545 8205
  phone: +972544815660
  admin-c: SA44084-RIPE
  tech-c: SA44084-RIPE
  abuse-c: AR78571-RIPE
  mnt-ref: lir-il-sparks-1-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: lir-il-sparks-1-MNT
  created: 2025-07-21T07:00:41Z
  last-modified: 2025-07-21T07:00:43Z
  source: RIPE # Filtered
  role: Sparks Admin
  address: ISRAEL
  address: Ganny Tikva
  address: 5592705
  address: Emmek Yizrael 5 St
  phone: +972544815660
  nic-hdl: SA44084-RIPE
  mnt-by: lir-il-sparks-1-MNT
  created: 2025-07-21T07:00:40Z
  last-modified: 2025-07-21T07:00:41Z
  source: RIPE # Filtered
- references
- https://www.aqtd.com/nd.jsp?id=7259, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/
IOC Journey
Medium · First detected 2 years ago · Last seen 1 month ago
Appeared in 12 threat reports