IPMediumSignal 56/100
185.209.199.146
Location
SwedenGothenburg, Vastra Gotalands lan
ASN
AS39351
31173 Services AB
First Seen
Aug 18, 2024
Last Seen
Jun 12, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountrySweden
SwedenRegionGothenburg, Vastra Gotalands lan
ASNAS39351
Organization31173 Services AB
IP Category
⟲
Proxy
Proxy server
⊕
VPN
VPN exit node
Feed Intelligence Summary
6 reports56% confidence
6
Source reports
56%
Confidence score
Category tags
active scanactive scanningantispambad web botbotnet activitybrute forcebrute force attackbrute-forcecredential accesscredential stuffingddosddos attackeuropeexploitexploitation activityexploited hosthackingidentity & access exploitationinjection activitylog4jnetworkopen proxypassword attacksping of deathproxyreconnaissanceresearchedscannersespamsql injectionssh attackswedent1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003targeting databasetpotvpnvpn ipvulnerability scanvulnerability-exploitationweb app attack
Activity Timeline
Jun 12Jun 12
Threat Activity Heatmap
· Peak: 2026-06-12LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
6
Reports
First seenAug 18, 2024
Last seenJun 12, 2026
GeolocationSE
CountrySweden
LocationGothenburg, Vastra Gotalands lan
ASNAS39351
Org31173 Services AB
Coords57.7074, 11.9667
ProxyVPN
VirusTotal
Not checked
WHOIS
- description
- Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. 185.209.199.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).
- raw
- inetnum: 185.209.199.0 - 185.209.199.255 netname: NET-31173-185-209-199-0-24 country: SE descr: 31173 Services AB infrastructure in Gothenburg, SE. geofeed: https://www.31173.se/esab-networks-geo-location.csv org: ORG-SA1601-RIPE admin-c: ESAB1-RIPE tech-c: ESAB1-RIPE status: ASSIGNED PA mnt-by: ESAB-MNT created: 2024-02-27T18:13:19Z last-modified: 2025-11-11T19:17:10Z source: RIPE organisation: ORG-SA1601-RIPE org-name: 31173 Services AB country: SE reg-nr: 556779-4697 org-type: LIR address: Scheelegatan 9 address: 21228 address: Malmo address: SWEDEN phone: +46406181000 admin-c: ESAB1-RIPE tech-c: ESAB1-RIPE abuse-c: ESAB1-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: ESAB-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: ESAB-MNT created: 2014-07-21T14:00:47Z last-modified: 2026-05-13T07:35:39Z source: RIPE # Filtered role: ESAB NOC address: 31173 Services AB address: Scheelegatan 9 address: 21228 address: Malmo address: SWEDEN phone: +46406181000 abuse-mailbox: [email protected] admin-c: NEMO1-RIPE tech-c: KPE-RIPE nic-hdl: ESAB1-RIPE mnt-by: ESAB-MNT created: 2009-12-16T20:19:00Z last-modified: 2024-01-22T09:54:56Z source: RIPE # Filtered route: 185.209.199.0/24 origin: AS39351 mnt-by: ESAB-MNT created: 2024-02-27T18:13:19Z last-modified: 2024-02-27T18:13:19Z source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 17 days ago
Appeared in 6 threat reports