IOC Radar
IP · Medium · Signal 69/100

179.43.146.226

Location
Switzerland
Rümlang, ZH
ASN
AS51852
Private Layer Inc
First Seen
Mar 19, 2026
Last Seen
Jun 9, 2026
Reports
17 source reports
Confidence
69% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: Switzerland (CH)
Region: Rümlang, ZH
ASN: AS51852
Organization: Private Layer Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

17 source reports · 69% confidence score

Activity Timeline

1 total observation
Jun 9

Threat Activity Heatmap

[Heatmap: daily activity from Jun through the following Jun, weekday rows Mon/Wed/Fri, scale Less to More]

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 17
First seen: Mar 19, 2026
Last seen: Jun 9, 2026
Geolocation: CH
Country: Switzerland
Location: Rümlang, ZH
ASN: AS51852
Org: Private Layer Inc
Coords: 47.3682, 8.5671
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
NetRange: 179.0.0.0 - 179.255.255.255
CIDR: 179.0.0.0/8
NetName: LACNIC-179
NetHandle: NET-179-0-0-0-1
Parent: ()
NetType: Allocated to LACNIC
OriginAS:
Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
RegDate: 2011-01-04
Updated: 2011-02-08
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Comment: or check the WHOIS server located at http://whois.lacnic.net
Ref: https://rdap.arin.net/registry/ip/179.0.0.0
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
ResourceLink: whois.lacnic.net

OrgName: Latin American and Caribbean IP address Regional Registry
OrgId: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
RegDate: 2002-07-27
Updated: 2018-03-15
Ref: https://rdap.arin.net/registry/entity/LACNIC

ReferralServer: whois://whois.lacnic.net
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone: +598-2604-2222
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN

OrgAbuseHandle: LWI100-ARIN
OrgAbuseName: LACNIC Whois Info
OrgAbusePhone: +598-2604-2222
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN

Socket not responding: [Errno 111] Connection refused
references
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-23/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-23/
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-24/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-22/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-22/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-23/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-22/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-21/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-20/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-20/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-19/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-19/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-19/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-19/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-18/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-19/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-19/
TSOC_IP.csv
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-17/
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-17/
https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-17/
https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-17/
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-16/

IOC Journey

medium
First detected 2 months ago · Last seen 2 days ago
Appeared in 17 threat reports