IP: 198.1.116.158
Confidence: medium
Signal: 100/100
Location: Provo, Utah
ASN: AS46606 (Unified Layer)
First seen: Nov 4, 2020
Last seen: Dec 5, 2025
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 address (network layer indicator observed in threat reports)
MISP category: Network Activity
Confidence: 99%
Signal score: 100 / 100
IDS rule: No
Network Information
Country: United States
Region: Provo, Utah
ASN: AS46606
Organization: Unified Layer
IP category: Hosting (hosting provider)
Feed Intelligence Summary
21 source reports, 99% confidence score
Category tags
abuse, access, access control, account compromise, account security, active scanning, administrative access, atif feed, attack, auto-generated security, banlist feed, binary defense, botnet, brute force, brute force attack, cisco device, command and control, communication protocol, connect, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, ddos attacks, decoy system, device management, dionaea, dionaea honeypot, distributed attacks, email, enterprise networking, ftp brute force, groups, honeytrap honeypot, indicator, infrastructure acquisition reconnaissance, internet of things, intrusion detection, iot botnet, iot/ics attack, lamp, lamp exploitation attempts, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, manual, mirai botnet, network, network attacks, network infrastructure, network scanning, network security, north america, operating system, operating system security, password attacks, phishing, phishing attack, phishing trap, potential malware distribution, privilege escalation, process injection, protocol exploitation, reconnaissance, remote access, remote services, researched, resource hijacking, scan, scanner, script, security policy, self-signed, sentrypeer botnet, sftp, sftp attack, sip, sip brute force, sip scanning, slug, smtp brute force, social engineering, ssh, ssh attack, ssh monitoring, surface web, t1016, t1018, t1021, t1021.001, t1040, t1041, t1046, t1053, t1055, t1059, t1069.001, t1071.001, t1076, t1078, t1088, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1587.001, t1588, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp, tcp protocol, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, united states, united states of america, us, voip, voip attack
Activity Timeline
Most recent activity: Dec 5
Threat Activity Heatmap (weekday-by-week chart not reproduced): peak 2025-12-05
Recent activity counts: 24h: 0 (dormant); 7d: 0 (dormant); 30d: 0 (dormant); 3mo: 0 (dormant)
Threat score: 100 (High Risk)
Signal score: 100
Confidence: 99%
Reports: 21
First seen: Nov 4, 2020
Last seen: Dec 5, 2025
Geolocation: US
Country: United States
Location: Provo, Utah
ASN: AS46606
Org: Unified Layer
Coords: 40.2066, -111.6430
IP category: Hosting
VirusTotal: Not checked
WHOIS
Description:
2025-02-15T01:52:29.818Z Honeypot : Dionaea : Source: 198.1.116.158 : Port: 1723 Connection: {'protocol': 'pptpd', 'transport': 'tcp', 'type': 'accept'}
Raw:
NetRange: 198.1.64.0 - 198.1.127.255
CIDR: 198.1.64.0/18
NetName: UNIFIEDLAYER-NETWORK-11
NetHandle: NET-198-1-64-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS46606
Organization: Unified Layer (BLUEH-2)
RegDate: 2012-07-02
Updated: 2012-11-14
Ref: https://rdap.arin.net/registry/ip/198.1.64.0
OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2025-02-20
Ref: https://rdap.arin.net/registry/entity/BLUEH-2
ReferralServer: rwhois://rwhois.unifiedlayer.com:4321
OrgTechHandle: ENO74-ARIN
OrgTechName: EIG Network Operations
OrgTechPhone: +1-781-852-3200
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ENO74-ARIN
OrgNOCHandle: ENO74-ARIN
OrgNOCName: EIG Network Operations
OrgNOCPhone: +1-781-852-3200
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/ENO74-ARIN
OrgAbuseHandle: NOC2320-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-801-765-9400
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC2320-ARIN
References:
- https://github.com/telekom-security/tpotce
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
- https://github.com/tankmek/threatfeed
- https://blocklist.greensnow.co/greensnow.txt
- https://www.binarydefense.com/banlist.txt
- https://lists.blocklist.de/lists/all.txt
- https://rules.emergingthreats.net/blockrules/compromised-ips.txt
- https://redpiranha.net
- http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Confidence: medium. First detected 5 years ago; last seen 6 months ago.
Appeared in 21 threat reports.