IOC Radar
IP · Medium · Signal 47/100

87.120.127.78

Location: Amsterdam, 02, Netherlands
ASN: AS208220 (Offerhost Solutions Inc)
First Seen: Dec 28, 2024 (531d ago)
Last Seen: Apr 30, 2026 (43d ago)
Reports: 14 source reports
Confidence: 47% (medium)
Found in 14 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 47%
Signal Score: 47 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: NL (Netherlands)
Region: Amsterdam, 02
ASN: AS208220
Organization: Offerhost Solutions Inc

Feed Intelligence Summary

Source reports: 14
Confidence score: 47%
Category tags
abuse, account discovery, account profiling, account takeover, active scan, active scanning, atif feed, attack, australia, authentication, authentication attack, auto-generated security, bad reputation, banlist feed, bg, binary defense, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute-forc, bulgaria, cisco device, command and control, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, decoy system, device management, distributed attacks, enterprise networking, europe, exploitation activity, identity & access exploitation, info, infrastructure acquisitionreconnaissance, injection activity, malicious activity, malicious software, malware, manual, netherlands, network, network infrastructure, network intrusion, network scanning, network security, network service scanning, nl, north america, notice, oceania, password attack, password attacks, phishing, phishing attack, process injection, proxy, reconnaissance, remote access, remote services, researched, scanner, security operations, service scan, sftp attack, social engineering, ssh attack, ssh monitoring, threat actor, threat intelligence, tor node, tpot, unauthorized access attempts, united states, us

MITRE ATT&CK technique tags
t1021.004, t1041, t1055, t1059.004, t1071.001, t1078, t1078.001, t1078.002, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.002, t1555, t1555.003, t1565, t1566.001, t1566.002, t1566.003, t1567, t1587.001, t1588.004, t1589, t1589.002, t1590.001, t1595, t1595.001, t1595.002, t1595.003

Activity Timeline

1 total obs (Apr 30 to Apr 30)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun] Peak: 2026-04-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 47 (Medium Risk)
Signal Score: 47
Confidence: 47%
Reports: 14
First seen: Dec 28, 2024
Last seen: Apr 30, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, 02
ASN: AS208220
Org: Offerhost Solutions Inc
Coords: 42.4963, 27.4646

VirusTotal

Not checked

WHOIS

Description: Host bruteforcing SSH

Raw:

inetnum: 87.120.126.0 - 87.120.130.255
netname: BG-NETERRAIP-20050712
country: BG
org: ORG-NL38-RIPE
admin-c: ND621-RIPE
tech-c: Nc2110-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-NETERRA
mnt-lower: MNT-NETERRA
mnt-domains: MNT-NETERRA
mnt-routes: MNT-NETERRA
created: 2025-04-10T12:55:32Z
last-modified: 2025-04-10T12:55:32Z
source: RIPE # Filtered

organisation: ORG-NL38-RIPE
org-name: Neterra Ltd.
country: BG
org-type: LIR
address: 9 Vitoshki Kambani Street, Kambanite Green Offices, Fl. 3
address: 1756
address: Sofia
address: BULGARIA
phone: +359 2 974 3311
fax-no: +359 2 975 3436
admin-c: DB2806-RIPE
admin-c: TM6693-RIPE
admin-c: PM12656-RIPE
admin-c: YK188-RIPE
admin-c: JG4195-RIPE
admin-c: AN4419-RIPE
admin-c: II919-RIPE
admin-c: MA17342-RIPE
admin-c: ZY97-RIPE
admin-c: KI720-RIPE
admin-c: JK4334-RIPE
abuse-c: Nc2110-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-NETERRA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-NETERRA
created: 2004-11-18T06:11:25Z
last-modified: 2023-12-07T11:33:45Z
source: RIPE # Filtered

role: Neterra contacts
address: 9 Vitoshki Kambani str.
address: Sofia, Bulgaria
phone: +359 2 975 16 16
abuse-mailbox: [email protected]
admin-c: ND621-RIPE
tech-c: YK188-RIPE
tech-c: JG4195-RIPE
tech-c: DB2806-RIPE
tech-c: TM6693-RIPE
tech-c: PM12656-RIPE
tech-c: JM402-RIPE
tech-c: AN4419-RIPE
tech-c: II919-RIPE
tech-c: ZY97-RIPE
tech-c: MA17342-RIPE
nic-hdl: Nc2110-RIPE
mnt-by: MNT-NETERRA
created: 2007-11-19T10:13:55Z
last-modified: 2023-11-24T11:41:43Z
source: RIPE # Filtered

person: Neven Dilkov
address: 9 Vitoshki Kambani str.
address: Sofia
address: BG
phone: +359 2 974 3311
fax-no: +359 2 975 3436
nic-hdl: ND621-RIPE
mnt-by: MNT-NETERRA
created: 2004-11-18T09:07:34Z
last-modified: 2023-11-24T11:40:33Z
source: RIPE # Filtered

References:

https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://redpiranha.net
https://github.com/telekom-security/tpotce
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 14 threat reports