IOC Radar
IP · Medium · Signal 46/100

31.25.133.191

Location
Iran, Islamic Republic of
Tehran, Tehran
ASN
AS43754
Asiatech Data Transmission Co.
First Seen
Feb 15, 2022 (1577d ago)
Last Seen
Apr 5, 2026 (66d ago)
Reports
14 source reports
Confidence
46% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: IR, Iran, Islamic Republic of
Region: Tehran, Tehran
ASN: AS43754
Organization: Asiatech Data Transmission Co.

Feed Intelligence Summary

Source reports: 14
Confidence score: 46%
Category tags
access control · account compromise · active scan · active scanning · amadey · asia · asyncrat · aurora stealer · auto-generated security · avemariarat · azorult · bad reputation · blacklist candidate · blacklisted ip · botnet · botnet activity · botnet iocs · botnet mirai · brute force · c2 · cobalt strike · cobaltstrike · coinminer · command & control · command and control · communication protocol · communication security · compromise ipv4 · credential access · credential harvesting · credential stuffing · cryptocurrency · danabot · darkgate · darkside · darktortilla · data encryption · data exfiltration · data store exposure · ddos · ddos attack · ddos attacks · decoy system · dharma · distributed attacks · donut · dridex · e9a3 a602 · earthworm · encryption · every link · exploit · exploitation activity · extortion · f801 e8ff · getshell · gs003 · guloader · identity & access exploitation · indicator · info · information technology · infostealer · infrastructure acquisitionreconnaissance · ingress tool transfer · injection activity · internet of things · intrusion detection · iocs · iot botnet · iot device targeting · iot security · iot/ics attack · ipv4 port · ir · iran · iran, islamic republic of · it infrastructure · laplasclipper · linux · loader · loki · lummastealer · malicious links · malicious software · malware · manual · metasploit · metastealer · mirai botnet · mozi · neshta · network · network attacks · network probing · network propagation · network scanning · network security · parallaxrat · payload · pgp fingerprint · phishing · phishing attack · phonk · piratestealer · process injection · purecrypter · qakbot · quasarrat · raccoonstealer · ransomware · reconnaissance · redline · redlinestealer · redosdru · remcosrat · remote access · researched · revengerat · scams & fraud · scan · scanner · scanning activity · security policy · service scan · sliver · social engineering · software development · spynote · stealc · stormkitty · system disruption · systembc
t1016 · t1018 · t1021 · t1040 · t1041 · t1046 · t1055 · t1059 · t1059.001 · t1071 · t1071.001 · t1078 · t1083 · t1105 · t1189 · t1190 · t1203 · t1204 · t1204.001 · t1486 · t1490 · t1496 · t1497 · t1498 · t1499.001 · t1499.002 · t1499.003 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1567 · t1567.002 · t1568.002 · t1569.002 · t1573 · t1587.001 · t1590.001 · t1595 · t1595.001 · t1595.002 · t1595.003
tcp protocol · threat actor · threat intelligence · threat prevention · tofsee · toggle · tor node · triada · trojan malware · twitter · urls · venomrat · vidar · virus · web security · wingo

Activity Timeline

1 total obs
Apr 5

Threat Activity Heatmap

Peak: 2026-04-05
[Heatmap: activity by weekday (Mon, Wed, Fri shown) across months Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 14
First seen: Feb 15, 2022
Last seen: Apr 5, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Tehran, Tehran
ASN: AS43754
Org: Asiatech Data Transmission Co.
Coords: 35.6980, 51.4115

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 81 Skype. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 31.25.133.0 - 31.25.133.255
netname: IR-ASIATECH-NET
descr: Asiatech Data Transmission Co.
descr: No.37, Miremad, Motahari street, Tehran, Iran, 1587843111
descr: FCP license 100-94-16
descr: Tel: +982191011100
descr: Fax: +982191011200
country: IR
admin-c: ATMN-RIPE
tech-c: ATTC-RIPE
status: ASSIGNED PA
mnt-by: ASIATECH-MNT
created: 2019-08-18T08:49:33Z
last-modified: 2020-04-02T08:40:16Z
source: RIPE

role: Asiatech NOC - Management Area
address: No.37, Miremad, Motahari street, Tehran, Iran
admin-c: SY88-RIPE
tech-c: SY88-RIPE
abuse-mailbox: [email protected]
nic-hdl: ATMN-RIPE
mnt-by: ASIATECH-MNT
created: 2014-09-27T09:16:24Z
last-modified: 2020-03-28T07:06:37Z
source: RIPE # Filtered

role: Asiatech NOC - Technical Area
address: No.37, Miremad, Motahari street, Tehran, Iran
admin-c: SY88-RIPE
tech-c: SY88-RIPE
abuse-mailbox: [email protected]
nic-hdl: ATTC-RIPE
mnt-by: ASIATECH-MNT
created: 2014-09-27T09:09:28Z
last-modified: 2020-03-28T06:49:35Z
source: RIPE # Filtered

route: 31.25.132.0/23
descr: Asiatech IPv4 Route
origin: AS43754
mnt-by: ASIATECH-MNT
created: 2017-11-11T13:06:05Z
last-modified: 2017-11-11T13:06:05Z
source: RIPE
references
https://1275.ru/ioc/gs-25-1599-mirai-botnet-iocs_10303, https://1275.ru/ioc/gs-25-1598-mirai-botnet-iocs_10288, https://1275.ru/ioc/gs-25-1597-mirai-botnet-iocs_10278, https://1275.ru/ioc/gs-25-1494-mirai-botnet-iocs_10269, https://1275.ru/ioc/gs-25-1493-mirai-botnet-iocs_10243, https://1275.ru/ioc/7870/gs-561-mirai-botnet-iocs/, https://urlhaus.abuse.ch/feeds/country/IR/, https://urlhaus.abuse.ch/downloads/json_online/, https://osint.digitalside.it/Threat-Intel/lists/latesturls.txt, https://1275.ru/ioc/2785/gs-364-mirai-botnet-iocs/, blacklist_ip.backup

IOC Journey

medium
First detected 4 years ago · Last seen 2 months ago
Appeared in 14 threat reports