IOC Radar
IPMediumSignal 83/100

179.43.191.18

Location
SwitzerlandSwitzerland
Rümlang, ZH
ASN
AS51852
Private Layer Inc
First Seen
Oct 15, 2022
Last Seen
Aug 20, 2025
Oct 15
First Seen
1352d ago
Aug 20
Last Seen
313d ago
22
Reports
source reports
83%
Confidence
medium
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryCHSwitzerland
RegionRümlang, ZH
ASNAS51852
OrganizationPrivate Layer Inc

Feed Intelligence Summary

22 reports83% confidence
22
Source reports
83%
Confidence score
Category tags
abuseabuseipdbactive scanningantispamapacheattackauthentication bypassauthentication failuresautomotive manufacturingbankingbotnetbrute forcebrute force attackcivil servicescommand and controlcommand injectioncommunication protocolcredential accesscredential harvestingcredential stuffingcredit card servicescsrfdata breachdata exfiltrationdatabase securityddosdecoy systemdenial of servicedirectory traversaldistributed attacksdoselectronics manufacturingeuropeexploitationexploitsfinancefinancial servicesfinancial technologyftp brute forcegovernment technologyhttp scannerhttpsindicatorindustrial automationindustrial iotindustrial productioninformation leakageinjectioninjection attacksintrusion detectionioclog4jmalicious activitymalicious softwaremalwaremanufacturing technologynetworknetwork probingnetwork scanningnetwork securitynextrayowaspowasp top 10password attackspayment processingphishing attackprocess injectionprocess manufacturingpublic administrationpublic facing exploitationpublic infrastructurepublic policyquality controlreconnaissanceregulatory agenciesresearchedrtbhscanscannerscanning activityscripting attackssecurity operationssession hijackingsocial engineeringsqlissh attacksupply chain managementt1027t1040t1046t1055t1059.003t1059.004t1059.007t1068t1071.001t1110t1110.001t1110.002t1110.003t1110.004t1133t1188t1189t1190t1195t1199t1202t1203t1486t1496t1499.001t1499.002t1499.003t1505.001t1505.003t1565t1566.001t1566.002t1566.003t1588t1592t1595t1595.001t1595.002t1595.003tcp/80telecommunicationsthreat actorthreat intelligenceunited kingdomvoipvulnerability scanwealth managementweb application attackweb attackweb exploitationweb scannerweb shell uploadweb trafficxss

Activity Timeline

1 total obs
Aug 20Aug 20

Threat Activity Heatmap

· Peak: 2025-08-20
Less
More
Mon
Wed
Fri
Jun
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
83
SIGNAL
Signal Score
83%
Confidence
22
Reports
First seenOct 15, 2022
Last seenAug 20, 2025
GeolocationCH
CountrySwitzerland
LocationRümlang, ZH
ASNAS51852
OrgPrivate Layer Inc
Coords47.3682, 8.5671

VirusTotal

Not checked

WHOIS

raw
inetnum: 179.0.0.0 - 179.61.127.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2022-03-02T14:20:53Z last-modified: 2022-03-02T14:20:53Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered route: 179.43.191.0/24 descr: ROUTE OBJECT origin: AS51852 mnt-by: KP73900-MNT created: 2014-04-03T15:37:12Z last-modified: 2018-09-04T17:53:23Z source: RIPE-NONAUTH
references
https://list.rtbh.com.tr/output.txt, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7223698292461768705-10um?utm_source=share&utm_medium=member_desktop, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4, https://redpiranha.net, Vulnerabilitiy Exploitation Public Sources - October 2023.json

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 10 months ago
Appeared in 22 threat reports