IOC Radar
IP · Medium · Signal 59/100

185.116.163.22

Location: Iran, Islamic Republic of; Tehran, 23
ASN: AS61173 (Green Web Samaneh Novin Co Ltd)
First Seen: Jan 18, 2025 (512d ago)
Last Seen: May 6, 2026 (39d ago)
Reports: 15 source reports
Confidence: 59% (medium)
VirusTotal: 3/91 detections
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 77 techniques

Network Information

Country: IR (Iran, Islamic Republic of)
Region: Tehran, 23
ASN: AS61173
Organization: Green Web Samaneh Novin Co Ltd

Feed Intelligence Summary

Source reports: 15
Confidence score: 59%

Activity Timeline

1 total obs (May 6)

Threat Activity Heatmap

Peak: 2026-05-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 59
Confidence: 59%
Reports: 15
First seen: Jan 18, 2025
Last seen: May 6, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Tehran, 23
ASN: AS61173
Org: Green Web Samaneh Novin Co Ltd
Coords: 35.7270, 51.3336

VirusTotal

3/91 vendors flagged
3% detection rate (Jun 8, 2026)

WHOIS

inetnum: 185.116.163.0 - 185.116.163.255
abuse-c: AR45987-RIPE
netname: Greenweb
geoloc: 35.735108 -51.430358
descr: Green Web Samaneh Novin Network
country: IR
admin-c: GRWB1-RIPE
tech-c: GRWB1-RIPE
status: ASSIGNED PA
mnt-by: GreenWeb-mnt
created: 2015-11-23T06:57:11Z
last-modified: 2023-07-08T11:41:08Z
source: RIPE
org: ORG-GWSN5-RIPE

organisation: ORG-GWSN5-RIPE
org-name: Green Web Samaneh Novin Co Ltd
org-type: OTHER
address: No7,4th Floor,Persian Gulf Business Complex,Khayyam Crossing
address: 9185813465
address: Mashhad
address: IRAN, ISLAMIC REPUBLIC OF
phone: +985137638100
admin-c: GRWB1-RIPE
tech-c: GRWB1-RIPE
abuse-c: AR45987-RIPE
mnt-ref: greenweb-mnt
mnt-by: greenweb-mnt
created: 2018-04-12T17:41:08Z
last-modified: 2020-08-06T09:10:53Z
source: RIPE # Filtered

person: Mozafary - GreenWeb - IranServer
address: No7,4th Floor,Persian Gulf Business Complex,Khayyam Crossing
phone: +989153203836
nic-hdl: GRWB1-RIPE
mnt-by: greenweb-mnt
created: 2015-01-22T05:59:10Z
last-modified: 2019-08-28T08:07:43Z
source: RIPE # Filtered

route: 185.116.163.0/24
descr: Green Web Samaneh Novin Co Ltd
origin: AS61173
mnt-by: GreenWeb-mnt
created: 2015-11-14T07:35:21Z
last-modified: 2015-11-14T07:35:21Z
source: RIPE
References

https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/vultrwarsaw-mssql-bruteforce-ip-list-2025-08-11/
https://jamesbrine.com.au
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports