IP: 5.202.101.153 (Medium, Signal 71/100)
Location: Tehran, Tehran
ASN: AS49100, Pishgaman Toseeh Ertebatat Company (Private Joint Stock)
First Seen: Nov 10, 2023
Last Seen: May 30, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Network Information
Country: Iran, Islamic Republic of
Region: Tehran, Tehran
ASN: AS49100
Organization: Pishgaman Toseeh Ertebatat Company (Private Joint Stock)
Activity Timeline
Threat Activity Heatmap (peak: 2026-05-30)
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: 71 (High Risk)
Geolocation: IR
Coords: 35.6980, 51.4115
VirusTotal: Not checked
WHOIS
- raw
  inetnum: 5.202.0.0 - 5.202.255.255
  netname: IR-PTE-TEHRAN-20120829
  country: IR
  org: ORG-PTEC8-RIPE
  admin-c: MABE86-RIPE
  tech-c: HB6669-RIPE
  status: ALLOCATED PA
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: PTE-MNT
  created: 2012-08-29T14:15:15Z
  last-modified: 2021-09-29T09:29:57Z
  source: RIPE

  organisation: ORG-PTEC8-RIPE
  org-name: Pishgaman Toseeh Ertebatat Company (Private Joint Stock)
  country: IR
  org-type: LIR
  address: No. 26, 53 Jahan Ara Ave., Yousof Abad
  address: 1436744883
  address: Tehran
  address: IRAN, ISLAMIC REPUBLIC OF
  phone: +982124535000
  admin-c: MABE86-RIPE
  tech-c: MABE86-RIPE
  tech-c: MHE14-RIPE
  tech-c: HB6669-RIPE
  abuse-c: AR34189-RIPE
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-ref: PTE-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: PTE-MNT
  created: 2015-11-10T14:02:54Z
  last-modified: 2021-11-08T06:07:54Z
  source: RIPE # Filtered

  person: Hossein Bagherpour
  address: No.26,The Alley51,Corner of Alley53,Jahanara Street ,Yussof Abad,Tehran,Iran
  phone: +98 21 23545830
  phone: +989127002979
  nic-hdl: HB6669-RIPE
  mnt-by: HB128-MNT
  created: 2017-12-17T04:28:22Z
  last-modified: 2019-05-12T09:42:32Z
  source: RIPE

  person: Masoud Bemanipour
  address: Tehran,Iran
  phone: +98 21 22619536
  phone: +98 21 23545
  fax-no: +98 21 22607555
  nic-hdl: MABE86-RIPE
  mnt-by: PTE-MNT
  created: 2008-06-13T19:15:32Z
  last-modified: 2011-03-14T05:19:10Z
  source: RIPE # Filtered

  route: 5.202.100.0/23
  descr: PTE Network
  origin: as49100
  mnt-by: PTE-MNT
  created: 2015-11-03T07:27:34Z
  last-modified: 2015-11-03T07:27:34Z
  source: RIPE
- references
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://github.com/telekom-security/tpotce
  - https://1275.ru/ioc/gs-617-mirai-botnet-iocs_9610
  - https://raw.githubusercontent.com/openphish/public_feed/refs/heads/main/feed.txt
  - https://urlhaus.abuse.ch/downloads/text_online/
  - https://urlhaus.abuse.ch/browse/
  - https://urlhaus.abuse.ch/feeds/country/IR/
  - https://urlhaus.abuse.ch/downloads/json_online/
  - https://1275.ru/ioc/3738/gs-509-mirai-botnet-iocs/
  - https://jamesbrine.com.au/vultrwarsaw-telnet-bruteforce-ip-list-2024-04-24/
  - https://jamesbrine.com.au