IOC Radar
IP · Medium · Signal 82/100

179.43.168.58

Location
Switzerland
Rümlang, ZH
ASN
AS51852
Private Layer Inc
First Seen
May 23, 2026
Last Seen
Jun 12, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

1 technique

Network Information

Country: CH (Switzerland)
Region: Rümlang, ZH
ASN: AS51852
Organization: Private Layer Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 15
Confidence score: 82%
Category tags
abuse, active scan, apache, apache attacker, bad reputation, bad web bot, blocklist_all, botnet activity, brute force, brute force attacker, brute-force, bruteforce, ch, cowrie, ddos, ddos attack, digital ocean, dionaea, europe, exploit, exploitation activity, exploited host, fatt, hacking, inbound scan, indicator, injection activity, network, open proxy, p0f, phishing, portscan, proxy, researched, scanner, scanners, sensor-tagged, service scan, spam, sql injection, ssh, t1595, tanner, targeting database, tpot, vpn, vpn ip, vulnerability scan, vulnerability-exploitation, vultr, web app attack, web spam

Activity Timeline

1 total obs (Jun 12)

Threat Activity Heatmap

Peak: 2026-06-12
[Heatmap: activity by weekday (Mon, Wed, Fri) across months Jun to Jun; scale Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 82
Confidence: 82%
Reports: 15
First seen: May 23, 2026
Last seen: Jun 12, 2026
Geolocation: CH
Country: Switzerland
Location: Rümlang, ZH
ASN: AS51852
Org: Private Layer Inc
Coords: 47.3682, 8.5671
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=CH; ports=443 Location=Sydney, Australia.
raw
NetRange: 179.0.0.0 - 179.255.255.255
CIDR: 179.0.0.0/8
NetName: LACNIC-179
NetHandle: NET-179-0-0-0-1
Parent: ()
NetType: Allocated to LACNIC
OriginAS:
Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
RegDate: 2011-01-04
Updated: 2011-02-08
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Comment: or check the WHOIS server located at http://whois.lacnic.net
Ref: https://rdap.arin.net/registry/ip/179.0.0.0
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
ResourceLink: whois.lacnic.net
OrgName: Latin American and Caribbean IP address Regional Registry
OrgId: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
RegDate: 2002-07-27
Updated: 2018-03-15
Ref: https://rdap.arin.net/registry/entity/LACNIC
ReferralServer: whois://whois.lacnic.net
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone: +598-2604-2222
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
OrgAbuseHandle: LWI100-ARIN
OrgAbuseName: LACNIC Whois Info
OrgAbusePhone: +598-2604-2222
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
Socket not responding: [Errno 111] Connection refused

IOC Journey

medium
First detected 23 days ago · Last seen 3 days ago
Appeared in 15 threat reports