IOC Radar
IP · Medium · Signal 38/100

185.255.89.57

Location
Iran, Islamic Republic of
Tehran, 23
ASN
AS61173
Greenweb
First Seen
Apr 15, 2026 (61d ago)
Last Seen
Apr 23, 2026 (54d ago)
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags

Network Information

Country: IR (Iran, Islamic Republic of)
Region: Tehran, 23
ASN: AS61173
Organization: Greenweb

Feed Intelligence Summary

Source reports: 5
Confidence score: 38%
Category tags: apt; asia; asyncrat; indicator; iran; iran, islamic republic of; kimsuky; malware; network; opendir; researched; threat actor; tor node

Activity Timeline

1 total obs
Apr 23

Threat Activity Heatmap

Peak: 2026-04-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 38
Confidence: 38%
Reports: 5
First seen: Apr 15, 2026
Last seen: Apr 23, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Tehran, 23
ASN: AS61173
Org: Greenweb
Coords: 35.7270, 51.3336

VirusTotal

Not checked

WHOIS

raw
inetnum: 185.255.89.0 - 185.255.89.255
netname: Greenweb
country: IR
admin-c: GRWB1-RIPE
tech-c: GRWB1-RIPE
status: SUB-ALLOCATED PA
mnt-by: greenweb-mnt
created: 2018-04-18T04:08:42Z
last-modified: 2023-07-08T11:55:39Z
source: RIPE

person: Mozafary - GreenWeb - IranServer
address: No7,4th Floor,Persian Gulf Business Complex,Khayyam Crossing
phone: +989153203836
nic-hdl: GRWB1-RIPE
mnt-by: greenweb-mnt
created: 2015-01-22T05:59:10Z
last-modified: 2019-08-28T08:07:43Z
source: RIPE # Filtered

route: 185.255.89.0/24
origin: AS61173
mnt-by: greenweb-mnt
created: 2020-04-26T12:34:31Z
last-modified: 2020-04-26T12:34:31Z
source: RIPE
references
https://x.com/skocherhan/status/2044284667264749661
https://x.com/skocherhan/status/2044317977357492386
https://x.com/skocherhan/status/2044348014966227425
https://x.com/skocherhan/status/2044348070733684802
https://x.com/skocherhan/status/2044349812552716638
https://x.com/skocherhan/status/2044492134250639632
https://x.com/skocherhan/status/2044534397265707394

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 5 threat reports