IOC Radar
IP · Medium · Signal 49/100

85.203.44.126

Location: Sweden (Stockholm, Stockholm County)
ASN: AS42708 (Expres)
First Seen: Sep 26, 2020 (2087d ago)
Last Seen: May 28, 2026 (17d ago)
Reports: 12 source reports
Confidence: 49% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 49%
Signal Score: 49 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

10 techniques

Network Information

Country: SE (Sweden)
Region: Stockholm, Stockholm County
ASN: AS42708
Organization: Expres

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 12
Confidence score: 49%
Category tags: active scan, active scanning, antispam, apache, apache attacker, bad web bot, botnet activity, brute force, brute force attack, credential access, credential stuffing, ddos, denial of service, europe, exploitation activity, identity & access exploitation, log4j, netherlands, network, open proxy, password attacks, proxy, reconnaissance, researched, scanner, se, spam, sweden, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1499.001, t1595.001, t1595.002, t1595.003, web application attack, web exploitation

Activity Timeline

1 total obs
May 28

Threat Activity Heatmap

Peak: 2026-05-28
[Heatmap: activity by weekday, Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 49 (Medium Risk)
Geolocation: SE
Coords: 52.3824, 4.8995

VirusTotal

Not checked

WHOIS

description
The following is the full list of names given to Vye32GsS2g38eKhmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA
raw
inetnum: 85.203.44.0 - 85.203.44.255
netname: EXPRES-85-203-44-0
country: SE
admin-c: JVV19-RIPE
tech-c: JVV19-RIPE
status: ASSIGNED PA
mnt-by: PREFIXBROKER-MNT
created: 2022-11-14T11:27:47Z
last-modified: 2022-11-14T11:27:47Z
source: RIPE

person: Jeroen van veen
address: Falco IPR B.V.
address: De Hoefsmid 11-13
address: 1851 PZ Heiloo
address: The Netherlands
phone: +31 72 532 3744
nic-hdl: JVV19-RIPE
created: 2002-09-16T13:46:49Z
last-modified: 2018-05-01T12:11:21Z
source: RIPE # Filtered
mnt-by: MNT-FALCO

route: 85.203.44.0/24
origin: AS42708
mnt-by: PREFIXBROKER-MNT
created: 2022-11-14T11:27:47Z
last-modified: 2022-11-14T11:27:47Z
source: RIPE

IOC Journey

medium
First detected 5 years ago · Last seen 17 days ago
Appeared in 12 threat reports