IOC Radar
IPMediumSignal 100/100

179.43.160.138

Location
SwitzerlandSwitzerland
Rümlang, Zurich
ASN
AS51852
Private Layer Inc
First Seen
Feb 3, 2025
Last Seen
Feb 15, 2026
Feb 3
First Seen
498d ago
Feb 15
Last Seen
122d ago
17
Reports
source reports
99%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryCHSwitzerland
RegionRümlang, Zurich
ASNAS51852
OrganizationPrivate Layer Inc

IP Category

Hosting
Hosting provider

Feed Intelligence Summary

17 reports99% confidence
17
Source reports
99%
Confidence score
Category tags
abuseaccessaccess controlaccount compromiseactive scanningadbhoney activityadbhoney honeypotattackblacklist candidatebotnetbotnet activitybrute forcebrute force attackchcommand and controlcommunication protocolcommunication securityconnectcowriecowrie activitycowrie attackcowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationddos attacksdecoy systemdionaeadionaea activitydionaea attackdionaea honeypotdistributed attacksemaileuropeftp brute forcegithubgroupshoneytrap activityhoneytrap honeypotindexindicatorinformation technologyinternet of thingsintrusion detectioniot botnetiot/ics attacklamplamp attacklamp exploitation attemptslamp stack attackmailoney activitymailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemirai botnetnetworknetwork attacksnetwork scanningnetwork securitynorth americapassword attacksphishingphishing attackphishing trappotential malware distributionprocess injectionprotocol exploitationpythonreconnaissanceresearchedresource hijackingscanscannerscriptscripting attackssecurity policyself-signedsentrypeer activitysentrypeer botnetsftpsftp activitysftp attacksipsip brute forcesip scanningslugsmtp brute forcesocial engineeringsocradar honeypotsshssh attackssh monitoringsurface webt1016t1018t1021t1040t1041t1046t1053t1055t1059t1059.004t1059.007t1071.001t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1583t1588t1595t1595.001t1595.002t1595.003tannertanner attacktcptcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontpotceunited statesvoipvoip attackweb attackweb exploitation

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
17
Reports
First seenFeb 3, 2025
Last seenFeb 15, 2026
GeolocationCH
CountrySwitzerland
LocationRümlang, Zurich
ASNAS51852
OrgPrivate Layer Inc
Coords47.4505, 8.5255
Hosting

VirusTotal

Not checked

WHOIS

description
2025-02-11T16:00:48.608Z Honeypot : Dionaea : Source: 179.43.160.138 : Port: 81 Connection: {'transport': 'tcp', 'type': 'accept', 'protocol': 'httpd'}
raw
inetnum: 179.0.0.0 - 179.61.127.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2022-03-02T14:20:53Z last-modified: 2022-03-02T14:20:53Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered route: 179.43.160.0/24 descr: ROUTE OBJECT origin: AS51852 mnt-by: KP73900-MNT created: 2014-04-03T15:23:02Z last-modified: 2018-09-04T17:53:17Z source: RIPE-NONAUTH
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 17 threat reports