IOC Radar
IP · Medium · Signal 100/100

185.213.164.176

Location
Iran
Tehran, Tehran
ASN
AS61173
Greenweb
First Seen
Dec 10, 2024
Last Seen
Feb 20, 2026
Reports: 18 source reports
Confidence: 99% (medium)
VirusTotal: 3/91 detections
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: Iran (IR)
Region: Tehran, Tehran
ASN: AS61173
Organization: Greenweb

IP Category

Hosting
Hosting provider

Feed Intelligence Summary

18 source reports · 99% confidence score
Category tags
abuse, access attempt, access control, active scanning, asia, atif feed, attack, australia, authentication, authentication abuse, authentication attacks, authentication failure, banlist feed, binary defense, botnet, brute force, brute force attack, brute force attempt, brute-forc, cisco device, command and control, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, decoy system, device management, distributed attacks, enterprise networking, europe, exploitation attempt, fail2ban blocked, fail2ban blocked ips, fail2ban triggered, failed login, failed login attempts, ftp brute force, gb-originating traffic, hacking, honeytrap honeypot, http brute force, indicator, info, information technology, infrastructure acquisitionreconnaissance, initial access, ir, iran, iran (islamic republic of), iran, islamic republic of, it infrastructure, lamp, login attempts, mailoney honeypot, malicious activity, malicious software, malware, manual, network, network infrastructure, network intrusion, network probe, network scanning, notice, oceania, password attack, password attacks, password cracking, phishing, phishing attack, phishing trap, potential reconnaissance, process injection, reconnaissance, researched, scanner, security operations, security policy, sftp attack, smtp brute force, social engineering, software development, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.004, t1059.005, t1068, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587.001, t1589, t1589.002, t1590.001, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, udp port scan, unauthorized access attempt, unauthorized access attempts, united kingdom

Activity Timeline

1 total obs (Feb 20 to Feb 20)

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun] Peak: 2026-02-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 18
First seen: Dec 10, 2024
Last seen: Feb 20, 2026
Geolocation: IR
Country: Iran
Location: Tehran, Tehran
ASN: AS61173
Org: Greenweb
Coords: 35.6824, 51.4158
Hosting

VirusTotal

3/91 vendors flagged
3% detection rate · Jun 8, 2026

WHOIS

description
Banned by Fail2Ban [sshd]
raw
inetnum: 185.213.164.0 - 185.213.164.255
netname: Greenweb
country: IR
admin-c: GRWB1-RIPE
tech-c: GRWB1-RIPE
status: SUB-ALLOCATED PA
mnt-routes: greenweb-mnt
mnt-by: greenweb-mnt
created: 2017-12-20T19:01:41Z
last-modified: 2023-07-08T11:50:53Z
source: RIPE

person: Mozafary - GreenWeb - IranServer
address: No7,4th Floor,Persian Gulf Business Complex,Khayyam Crossing
phone: +989153203836
nic-hdl: GRWB1-RIPE
mnt-by: greenweb-mnt
created: 2015-01-22T05:59:10Z
last-modified: 2019-08-28T08:07:43Z
source: RIPE # Filtered

route: 185.213.164.0/24
origin: AS61173
mnt-by: greenweb-mnt
created: 2020-11-22T12:17:19Z
last-modified: 2020-11-22T12:17:19Z
source: RIPE
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://redpiranha.net
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 18 threat reports