IOC Radar
IP · Medium · Signal 39/100

185.159.159.148

Location
Switzerland
Plan-les-Ouates, AB
ASN
AS209103
ProtonVPN CH1
First Seen
Jul 5, 2024 (710d ago)
Last Seen
May 3, 2026 (42d ago)
8
Reports
source reports
39%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

Country: CH (Switzerland)
Region: Plan-les-Ouates, AB
ASN: AS209103
Organization: ProtonVPN CH1

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 8
Confidence score: 39%
Category tags
abuseactive scanactive scanningalienvault_ransomwareappleapplication analysisbad reputationbrute forcechcom laudecredential accesscredential stuffingcsc corporatedata encryptiondata exfiltrationdata store exposureddosdomainsencryptioneuropeexploitation activityextortionfinlandfranceftp brute forcegandi sasgermanyhoneynet connecthttp brute forceidentity & access exploitationinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinjection activityiocipadosit infrastructurelateral movementlockdown modelogin attemptltd dbamalicious domainsmalicious downloadmalicious softwaremalwaremalware distributionmoniker onlinenamecheap incnetworknetwork enumerationnetwork intrusionnetwork scanningnetwork securitynorth americaonlinepassword attackphishingpolandprivacy violationprocess injectionprotocol exploitationproxyransomwarereconnaissanceremote accessremote servicesresearchedsandboxscanning activitysmb brute forcesmtp brute forcesoftware developmentssh attackstaticstatic analysisstatic analyzersubmitswedensystem disruptiont1016t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071.001t1076t1078t1105t1110t1110.001t1110.002t1486t1490t1563t1564t1565t1566t1587.001t1589t1590.001t1592t1595t1595.001t1595.002t1595.003tcp scantelnet threattor nodetrojantrojan malwareudp scanunauthorized access attemptunited statesurlscan iovirusvpn

Activity Timeline

1 total obs
May 3

Threat Activity Heatmap

Peak: 2026-05-03
[Heatmap: activity by weekday (Mon, Wed, Fri) across months Jun to Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 8
First seen: Jul 5, 2024
Last seen: May 3, 2026
Geolocation: CH
Country: Switzerland
Location: Plan-les-Ouates, AB
ASN: AS209103
Org: ProtonVPN CH1
Coords: 59.3333, 18.0500
VPN

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.159.159.0 - 185.159.159.255
netname: ProtonVPN-CH1
country: CH
admin-c: TO2191-RIPE
tech-c: SC21786-RIPE
status: ASSIGNED PA
mnt-by: ch-protonvpn-1-mnt
created: 2016-08-11T07:20:16Z
last-modified: 2019-08-20T16:24:31Z
source: RIPE

person: Sebastien Ceuterickx
address: Route de la Galaise 32
address: 1228 Plan-les-Ouates
address: Switzerland
phone: +41225483451
nic-hdl: SC21786-RIPE
mnt-by: protonmail-mnt
mnt-by: ch-protonvpn-1-mnt
created: 2019-02-14T12:36:41Z
last-modified: 2024-07-31T13:17:26Z
source: RIPE

person: Antonio Gambardella
address: Chemin du Pré-Fleuri 3
address: 1228
address: Plan-les-Ouates
address: SWITZERLAND
phone: +41225483451
nic-hdl: TO2191-RIPE
mnt-by: ch-protonvpn-1-mnt
created: 2016-07-13T10:21:04Z
last-modified: 2017-02-10T12:31:51Z
source: RIPE

route: 185.159.159.0/24
origin: AS209103
mnt-by: protonmail-mnt
mnt-by: ch-protonvpn-1-mnt
created: 2019-08-13T15:10:04Z
last-modified: 2019-08-13T15:10:04Z
source: RIPE
references
https://www.filescan.io/uploads/6982ff62981ff1d38a47bb59/reports/b9df3e9f-86ff-408f-82ce-f5cebb6a9294/overview
https://app.threat.zone/submission/111b9d9e-6370-4d53-bad4-9a472d8fff1b/overview
https://viz.greynoise.io/ip/analysis/75fe50a7-a8f9-4f09-bbc3-05444bdf8f08
URLscan IO
https://www.virustotal.com/gui/collection/8bb25daeacf65fe19fd75f7f29905ed10b032010a6abdaefa5f73b778fd6824e/iocs
https://www.virustotal.com/gui/collection/8bb25daeacf65fe19fd75f7f29905ed10b032010a6abdaefa5f73b778fd6824e/summary
https://www.virustotal.com/graph/embed/ge4625e74947e4f08b0a47962d86b4b782524abff4fad4df8865055cb128f2951?theme=dark

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports