IOC Radar
IPMediumSignal 56/100

185.209.199.146

Location
SwedenSweden
Gothenburg, Vastra Gotalands lan
ASN
AS39351
31173 Services AB
First Seen
Aug 18, 2024
Last Seen
Jun 12, 2026
Aug 18
First Seen
679d ago
Jun 12
Last Seen
17d ago
6
Reports
source reports
56%
Confidence
medium
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

CountrySESweden
RegionGothenburg, Vastra Gotalands lan
ASNAS39351
Organization31173 Services AB

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

6 reports56% confidence
6
Source reports
56%
Confidence score
Category tags
active scanactive scanningantispambad web botbotnet activitybrute forcebrute force attackbrute-forcecredential accesscredential stuffingddosddos attackeuropeexploitexploitation activityexploited hosthackingidentity & access exploitationinjection activitylog4jnetworkopen proxypassword attacksping of deathproxyreconnaissanceresearchedscannersespamsql injectionssh attackswedent1110.001t1110.002t1110.003t1110.004t1595.001t1595.002t1595.003targeting databasetpotvpnvpn ipvulnerability scanvulnerability-exploitationweb app attack

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

· Peak: 2026-06-12
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
6
Reports
First seenAug 18, 2024
Last seenJun 12, 2026
GeolocationSE
CountrySweden
LocationGothenburg, Vastra Gotalands lan
ASNAS39351
Org31173 Services AB
Coords57.7074, 11.9667
ProxyVPN

VirusTotal

Not checked

WHOIS

description
Score: 69/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:reported. 185.209.199.146 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).
raw
inetnum: 185.209.199.0 - 185.209.199.255 netname: NET-31173-185-209-199-0-24 country: SE descr: 31173 Services AB infrastructure in Gothenburg, SE. geofeed: https://www.31173.se/esab-networks-geo-location.csv org: ORG-SA1601-RIPE admin-c: ESAB1-RIPE tech-c: ESAB1-RIPE status: ASSIGNED PA mnt-by: ESAB-MNT created: 2024-02-27T18:13:19Z last-modified: 2025-11-11T19:17:10Z source: RIPE organisation: ORG-SA1601-RIPE org-name: 31173 Services AB country: SE reg-nr: 556779-4697 org-type: LIR address: Scheelegatan 9 address: 21228 address: Malmo address: SWEDEN phone: +46406181000 admin-c: ESAB1-RIPE tech-c: ESAB1-RIPE abuse-c: ESAB1-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: ESAB-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: ESAB-MNT created: 2014-07-21T14:00:47Z last-modified: 2026-05-13T07:35:39Z source: RIPE # Filtered role: ESAB NOC address: 31173 Services AB address: Scheelegatan 9 address: 21228 address: Malmo address: SWEDEN phone: +46406181000 abuse-mailbox: [email protected] admin-c: NEMO1-RIPE tech-c: KPE-RIPE nic-hdl: ESAB1-RIPE mnt-by: ESAB-MNT created: 2009-12-16T20:19:00Z last-modified: 2024-01-22T09:54:56Z source: RIPE # Filtered route: 185.209.199.0/24 origin: AS39351 mnt-by: ESAB-MNT created: 2024-02-27T18:13:19Z last-modified: 2024-02-27T18:13:19Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 17 days ago
Appeared in 6 threat reports