IOC Radar
IP · Medium · Signal 81/100

185.20.12.246

Location: Sweden (Gothenburg, Vastra Gotalands lan)
ASN: AS44136 (ODERLAND Webbhotell AB)
First Seen: Jun 28, 2025 (349d ago)
Last Seen: Jan 26, 2026 (137d ago)
Reports: 7 source reports
Confidence: 81% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

44 techniques

Network Information

Country: SE (Sweden)
Region: Gothenburg, Vastra Gotalands lan
ASN: AS44136
Organization: ODERLAND Webbhotell AB

Feed Intelligence Summary

Source reports: 7
Confidence score: 81%
Category tags
active scanning, anomalous network connections, asia, authentication attacks, authentication failure, block list, block.txt, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, c2, china mobile, columns, command and control, communication protocol, company limited, compromised systems, cowrie honeypot, credential access, credential stuffing, daily_sources, data exfiltration, data exfiltration attempt, ddos, ddos attack, decoy system, denial of service, denial-of-service attempt, distributed attacks, enumeration, europe, exploit, exploitation attempts, failed access, failed login, ftp, ftp brute force, hk abuse, handler, hong kong, http request anomalies, http scanner, http scanning, hurricane us, indicator, initial access, ioc, lateral movement, login attack, login attempt, login failure, malicious ip activity, malicious software, malicious traffic, malware, malware distribution, network, network intrusion, network intrusion attempts, network probing, network reconnaissance, network scan, network scanning, network security, network service scanning, password attack, password attacks, pgp sign, possible botnet activity, possible malware distribution, process injection, protocol exploitation, reconnaissance, reconnaissance activity, remote access, remote service interaction, remote services, researched, scanner, scanning activity, security operations, smtp, smtp brute force, smtp scanning, ssh attack, ssh monitoring, sweden, t-pot, t1016, t1018, t1021, t1021.001, t1021.002, t1021.004, t1040, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.004, t1065, t1068, t1071, t1071.001, t1078, t1078.001, t1078.002, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1588.004, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, telnet threat, threat actor activity, threat feed, threat intelligence, timeout, top10.txt, topips.txt, tpot, unauthorized access, us abuse, us none, valid accounts, web traffic

Activity Timeline

1 total obs, Jan 26 to Jan 26

Threat Activity Heatmap

Peak: 2026-01-26
[Heatmap: activity by weekday (Mon, Wed, Fri labelled) and month, Jun through Jun, shaded from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 7
First seen: Jun 28, 2025
Last seen: Jan 26, 2026
Geolocation: SE
Country: Sweden
Location: Gothenburg, Vastra Gotalands lan
ASN: AS44136
Org: ODERLAND Webbhotell AB
Coords: 57.7050, 11.9694

VirusTotal

Not checked

WHOIS

description
The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted.
Data Sources:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://feeds.dshield.org/feeds/daily_sources
THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
raw
inetnum: 185.20.12.0 - 185.20.12.255
netname: ODERINFRA-NET
country: SE
admin-c: OD934-RIPE
tech-c: OD934-RIPE
status: ASSIGNED PA
mnt-by: ODERLAND-MNT
created: 2017-02-27T12:55:22Z
last-modified: 2017-02-27T12:55:22Z
source: RIPE

person: ODERLAND NOC
address: ODERLAND Webbhotell AB
address: Kungsgatan 56
address: SE-411 08 Goteborg
address: Sweden
phone: +46.313616161
nic-hdl: OD934-RIPE
mnt-by: ODERLAND-MNT
created: 2010-10-14T10:52:20Z
last-modified: 2024-11-23T15:50:34Z
source: RIPE # Filtered

route: 185.20.12.0/22
origin: AS44136
mnt-by: ODERLAND-MNT
created: 2013-04-26T08:17:35Z
last-modified: 2025-04-23T04:58:08Z
source: RIPE

IOC Journey

medium
First detected 11 months ago · Last seen 4 months ago
Appeared in 7 threat reports