IP · Medium · Signal 24/100
31.14.127.96
Location
Khowrmūj, Bushehr Province
ASN
AS25184
Afranet Co
First Seen
Apr 10, 2022
Last Seen
Apr 11, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Network Information
Country
Iran, Islamic Republic of
Region: Khowrmūj, Bushehr Province
ASN: AS25184
Organization: Afranet Co
Feed Intelligence Summary
7
Source reports
24%
Confidence score
Category tags
active scan; active scanning; adbhoney honeypot; aerospace & defense; asia; attack; automotive manufacturing; botnet; botnet activity; brute force; brute force attack; cisco device; cisco exploitation attempts; civil services; command and control; communication protocol; compromised credentials; cowrie honeypot; credential access; credential harvesting; credential stuffing; cyber security; data exfiltration; data exfiltration attempts; data store exposure; database security; decoy system; defense; defense contracting; defense logistics; defense systems; defense technology; device management; dionaea honeypot; dionaea malware analysis; distributed attacks; elasticpot honeypot; elasticsearch monitoring; electronics manufacturing; enterprise networking; exploitation activity; exploitation attempt; exploitation attempts; ftp brute force; government technology; heralding attack pattern; honeytrap honeypot; identity & access exploitation; indicator; industrial automation; industrial iot; industrial production; injection activity; ioc; iot security; iran; iran, islamic republic of; lamp; lamp stack targeting; lateral movement; mailoney honeypot; malicious activity; malicious payload detection; malicious software; malware; malware behaviour; malware capture; malware deployment attempts; manufacturing technology; military operations; national security; network; network infrastructure; network scanning; network security; nextray; password attacks; phishing; phishing attack; phishing trap; process injection; process manufacturing; public administration; public infrastructure; public policy; python script activity; quality control; ransomware; reconnaissance; regulatory agencies; remote access; remote services; researched; resource hijacking; scanner; scanning activity; security operations; sentrypeer botnet; sftp access attempt; sftp attack; sip attacks; sip brute force; social engineering; spam; ssh attack; ssh monitoring; supply chain attack; supply chain management; t1021; t1040; t1041; t1055; t1059; t1071.001; t1078; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1190; t1204.002; t1486; t1496; t1499.001; t1499.002; t1499.003; t1565; t1566.001; t1566.002; t1566.003; t1566.004; t1583; t1595; t1595.001; t1595.002; t1595.003; tanner; targeting database; telecommunications; threat actor; threat detection; threat intelligence; tor node; voip; voip attack; web spam
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-11
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Coords: 35.6980, 51.4115
VirusTotal
Not checked
WHOIS
- description
- 2025-04-23T20:38:59.574Z Honeypot : Heralding : Source: 31.14.127.96 : Username/Password: admincr/n0=acc3ss Port: 1080 Message: 2025-04-23 20:38:59.574276,6fda4806-6bbd-4e4b-9890-d7e7bca1a915,aa9465a9-16c6-4515-8924-6bd0f7dc3b78,31.14.127.96,33302,99.18.26.19,1080,socks5,admincr,n0=acc3ss,
- raw
- inetnum: 31.14.126.0 - 31.14.127.255
  netname: fayez-rayaneh-jonoob
  country: IR
  admin-c: MK23389-RIPE
  tech-c: MK23389-RIPE
  status: ASSIGNED PA
  mnt-by: AFRA-MNT-NESH-1
  created: 2020-04-14T11:48:44Z
  last-modified: 2020-04-14T11:48:44Z
  source: RIPE

  person: mr kordavani
  address: zaman shopping center, front of mokhaberat, khoormooj, boushehr
  phone: +987735327220
  nic-hdl: MK23389-RIPE
  mnt-by: AFRA-MNT-NESH-1
  created: 2020-04-14T11:47:04Z
  last-modified: 2020-04-14T11:47:04Z
  source: RIPE

  route: 31.14.112.0/20
  descr: Afranet Co
  origin: AS25184
  mnt-by: AFRA-MNT-NESH-1
  created: 2014-09-20T04:41:36Z
  last-modified: 2014-09-20T04:41:36Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 4 years ago · Last seen 2 months ago
Appeared in 7 threat reports