IP · Medium · Signal 56/100
87.248.1.199
Location
Gjøvik, 34
ASN
AS29492
Eidsiva
First Seen
May 18, 2024
Last Seen
Jun 2, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Norway
Region
Gjøvik, 34
ASN
AS29492
Organization
Eidsiva
IP Category
VPN
VPN exit node
Feed Intelligence Summary
24
Source reports
56%
Confidence score
Category tags
abuseabuseipdbaccount accessaccount compromiseaccount discoveryaccount enumerationaccount lockoutaccount profilingaccount takeoveractive scanactive scanningadresse ipasiaatif feedattackaustraliaauthenticationauthentication brute forceauthentication bypassauto-generated securityazure adbad reputationbankingbanlist feedbelgiumbinary defensebotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsc2 communicationc2 servercisco devicecloud account securitycloud infrastructurecloud infrastructure attackcommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostscowrie honeypotcredential accesscredential brute forcecredential harvestingcredential stuffingcredential-accesscredentialscredit card servicesdata exfiltrationdata store exposuredata theftdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaea honeypotdistributed attackselasticpot honeypotelasticsearch monitoringemail-protocolenterprise networkingeuropeexploitation activityexploited hostexternal remote servicesfailed authenticationfinancefinancial servicesfinancial technologyfinlandfoods and drinksfranceftp brute forcegermanyhackinghoneynet connecthoneytrap honeypothttp brute forceidentity & access exploitationimapimap attackimap brute forceindicatorinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinjection activityintrusion detectioniociot securityit infrastructurelamplamp server targetinglogin attacklogin attemptlogin attemptsmail servermalaysiamalicious activitymalicious loginmalicious script executionmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmanualmicrosoft entramicrosoft entra idmultiple usersnetworknetwork attacksnetwork discoverynetwork infrastructurenetwork intrusionnetwork scannetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnetwork-protocolnonorth americanorwayoceaniaos credential dumpingpassword attackpassword 
attackspassword crackingpayment processingphishingphishing attackpolandpop3 brute forceprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingrtbhsaslsasl authenticationsasl brute forcescannerscannersscanning activitysecurity operationssentrypeer botnetservice scansftp access attemptsftp attacksmtpsmtp attackersmtp brute forcesocial engineeringsoftware developmentspamssh attackssh monitoringt1003t1021t1021.004t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1078t1078.002t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1550t1555t1555.003t1565t1566.001t1566.002t1566.003t1566.004t1567t1573t1573.001t1587.001t1588t1588.004t1589t1589.002t1590.001t1595t1595.001t1595.002t1595.003tannertargeting databasetcp brute forcetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencetor nodeudp scanunauthorized accessunauthorized access attemptunauthorized login attemptunited statesvalid accountsvoipvoip attackvpnvpn ipvulnerability scanwealth managementweb app attackweb application attackweb exploitation
Activity Timeline
Jun 2
Threat Activity Heatmap
Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
56 (Medium Risk)
Coords
60.8847, 11.5538
VirusTotal
Not checked
WHOIS
- description
- List of SSH attacking IPs detected by Rimba Siber honeypot.
- raw
- inetnum: 87.248.0.0 - 87.248.15.255
  netname: EIDSIVA
  descr: Broadband Access
  country: NO
  admin-c: EBRO1-RIPE
  tech-c: EBRO1-RIPE
  tech-c: EBRO1-RIPE
  status: ASSIGNED PA
  remarks: +---------------------------------------
  remarks: | |
  remarks: | Abuse requests regarding this segment |
  remarks: | should be sent to [email protected] |
  remarks: | |
  remarks: +---------------------------------------
  mnt-by: EIDSIVA-MNT
  created: 2010-02-18T09:02:54Z
  last-modified: 2022-12-07T09:40:17Z
  source: RIPE # Filtered

  role: Eidsiva bredband role object
  address: Postboks 224
  address: NO-2601 Lillehammer
  address: Norway
  phone: +47 03370
  fax-no: +47 6125 9552
  admin-c: IDE13-RIPE
  nic-hdl: EBRO1-RIPE
  mnt-by: EIDSIVA-MNT
  abuse-mailbox: [email protected]
  created: 2013-11-07T10:22:32Z
  last-modified: 2013-11-07T10:22:32Z
  source: RIPE # Filtered

  route: 87.248.0.0/21
  descr: NO-EIDSIVA
  origin: AS29492
  remarks: Abuse: [email protected]
  mnt-by: EIDSIVA-MNT
  created: 2005-09-12T20:52:48Z
  last-modified: 2017-08-21T11:03:15Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 2 years ago · Last seen 12 days ago
Appeared in 24 threat reports