IP · Medium · Signal 37/100
109.125.139.68
Location
Anār, Tehran
ASN
AS49100
PTS-Network
First Seen
Jan 26, 2025
Last Seen
May 31, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Network Information
Country
Iran, Islamic Republic of
Region
Anār, Tehran
ASN
AS49100
Organization
PTS-Network
IP Category
VPN
VPN exit node
Feed Intelligence Summary
14
Source reports
37%
Confidence score
Category tags
Activity Timeline
May 31
Threat Activity Heatmap
Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address, signals a moderate-risk threat that warrants attention from security teams. Its presence in multiple reputable threat intelligence feeds, combined with a risk score above 37, strongly suggests involvement in malicious activities such as network scanning, brute-force attacks, and potential exploitation attempts. If this IP address is detected communicating with organizational assets, it could indicate an ongoing attempt at unauthorized access, …
Threat Score: Low Risk
Signal Score: 37
Confidence: 37%
Reports: 14
First seen: Jan 26, 2025
Last seen: May 31, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Anār, Tehran
ASN: AS49100
Org: PTS-Network
Coords: 30.8734, 55.2655
VPN
VirusTotal
Not checked
WHOIS
- description: 2025-02-06T19:32:18.073Z Honeypot : Dionaea : Source: 109.125.139.68 : Port: 1433 Connection: {'transport': 'tcp', 'type': 'accept', 'protocol': 'mssqld'}
- raw:
  inetnum: 109.125.134.16 - 109.125.143.255
  netname: PTS-DSL-Zone1
  descr: Pishgaman Tejarat Sayar DSL Network
  country: IR
  geoloc: 35.740990 51.402242
  admin-c: MABE86-RIPE
  tech-c: MHE14-RIPE
  status: ASSIGNED PA
  mnt-by: PTE-MNT
  created: 2019-04-06T04:42:27Z
  last-modified: 2019-04-06T04:42:27Z
  source: RIPE

  person: Masoud Bemanipour
  address: Tehran,Iran
  phone: +98 21 22619536
  phone: +98 21 23545
  fax-no: +98 21 22607555
  nic-hdl: MABE86-RIPE
  mnt-by: PTE-MNT
  created: 2008-06-13T19:15:32Z
  last-modified: 2011-03-14T05:19:10Z
  source: RIPE # Filtered

  person: Hadi Ebrahimi
  address: Tehran,Iran
  phone: +98 21 23545
  nic-hdl: MHE14-RIPE
  mnt-by: PTE-MNT
  created: 2012-05-20T12:27:31Z
  last-modified: 2012-05-20T12:27:31Z
  source: RIPE

  route: 109.125.136.0/22
  descr: PTS-Network
  origin: AS49100
  mnt-by: PISHGAMANTS
  mnt-by: PTE-MNT
  created: 2015-12-05T10:50:10Z
  last-modified: 2015-12-05T10:50:10Z
  source: RIPE
- references: https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 1 year ago · Last seen 15 days ago
Appeared in 14 threat reports