IP · Medium · Signal 55/100
179.43.134.114
Location
Rümlang, Zurich
ASN
AS51852
Private Layer Inc
First Seen
Nov 27, 2025
Last Seen
Jun 9, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Network Information
Country
Switzerland
Region
Rümlang, Zurich
ASN
AS51852
Organization
Private Layer Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
13 reports · 55% confidence
13
Source reports
55%
Confidence score
Category tags
abuse, active scan, active scanning, adb, adb attacks, adbhoney honeypot, adbhoney interactions, admin, android, android devices, android_attack, api services, apt, asia, attack, attacker-ip, australia, authentication abuse, automated attack, automated attack attempts, automated attacks, automated_attack,
bad reputation, bad web bot, blog spam, botnet, botnet activity, botnet_activity, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, brute-force attack, brute_force, bruteforce,
ch, china, cisco attacks, cisco device, cisco device attack, cisco devices targeting, cisco exploit attempts, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco_device_attack, code execution, command and control, command execution, command injection, communication protocol, compromise attempt, connected devices, conpot activity, conpot honeypot, conpot interactions, content delivery, cowrie, cowrie activity, cowrie honeypot, cowrie interactions, cowrie logs, cowrie ssh activity, credential access, credential guessing, credential harvesting, credential stuffing, credential_stuffing,
data encryption, data exfiltration, data store exposure, database attack, database security, database servers, database_attack, database_server, ddos, ddos attack, decoy system, denial of service, device management, dictionary attack, dictionary_attack, dionaea, dionaea activity, dionaea honeypot, dionaea interactions, dionaea malware collection, distributed attacks, dnp3, dns, dns attack, dropper,
encryption, enterprise networking, ethernet/ip, europe, exploit, exploit attempts, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation_attempt, exploited host,
fatt, france, ftp, ftp brute force, ftp brute-force,
hacking, heralding activity, honeypot data, honeytrap activity, honeytrap honeypot, hong kong, http, http brute force, http scanner, https,
ics security, ics/scada attack, ics/scada systems, identity & access exploitation, indicator, industrial control systems, industrial iot, initial access, initial_access, injection activity, injection attacks, internet of things, iot analytics, iot applications, iot device attacks, iot device targeting, iot devices, iot exploit attempts, iot platforms, iot security, iot/ics attack, iot_attack,
known malicious ip,
lamp, lamp exploit, lamp exploit attempts, lamp exploitation attempts, lamp stack attack, lamp stack targeting, lamp_stack_attack, lateral movement, lcia, linux, linux system, linux system exploitation,
mailoney honeypot, mailoney interactions, malicious activity, malicious code detection, malicious ip, malicious login attempts, malicious software, malware, malware behaviour, malware capture, malware delivery, malware download attempts, mirai, mobile threat, modbus, mssql, mysql brute force,
network, network device, network device compromise, network devices, network discovery, network infrastructure, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network security, network_device_attack, network_reconnaissance, north america,
oceania, open proxy,
p0f, password attack, password attacks, phishing, phishing attack, phishing trap, ping of death, possible exploit attempt, possible malicious activity, possible malware dropper, potential botnet activity, privilege escalation, process injection, protocol exploitation, proxy,
ransomware, rdp, reconnaissance, remote access, remote access service, remote services, remote_access_service, researched, resource hijacking, robot,
scada/ics attacks, scan, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer activity, sentrypeer botnet, server exploitation, sftp activity, sftp attack, sftp attacks, sip attacks, sip brute force, sip scanning, smart devices, smb attacks, smtp, smtp brute force, social engineering, socradar honeypot, software exploitation, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh attacks, ssh monitoring,
t1021, t1021.001, t1021.002, t1027, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1555, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1589, t1590, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner interactions, targeting database, tcp, telecommunications, telnet attacks, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot,
unauthorized access, unauthorized access attempt, united kingdom, united states,
vnc protocol, voip, voip attack, voip system, voip systems, voip_attack,
web apis, web app attack, web application attack, web application attacks, web application scanning, web applications, web attack, web development, web exploitation, web hosting, web infrastructure, web server, web server attacks, web servers, web services, web shell uploads, web spam, web technologies, web traffic, web_attack, web_server, win, windows, windows system
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-09
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
55
SIGNAL
Signal Score
55%
Confidence
13
Reports
First seen
Nov 27, 2025
Last seen
Jun 9, 2026
Geolocation
CH
Country
Switzerland
Location
Rümlang, Zurich
ASN
AS51852
Org
Private Layer Inc
Coords
47.3769, 8.5417
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=CH; ports=3000,3001,3002,4000,4001 Location=Sydney, Australia.
IOC Journey
medium · First detected 6 months ago · Last seen 13 days ago
Appeared in 13 threat reports