IP · Medium · Signal 58/100
79.175.176.177
Location
Tehran, Khuzestan
ASN
AS25184
Afranet
First Seen
Apr 22, 2025
Last Seen
Jun 14, 2026
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Iran, Islamic Republic of
Region: Tehran, Khuzestan
ASN: AS25184
Organization: Afranet
Feed Intelligence Summary
21 reports · 58% confidence
Source reports: 21
Confidence score: 58%
Category tags
Activity Timeline
Jun 14
Threat Activity Heatmap
Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 21
First seen: Apr 22, 2025
Last seen: Jun 14, 2026
Geolocation: IR
Country: Iran, Islamic Republic of
Location: Tehran, Khuzestan
ASN: AS25184
Org: Afranet
Coords: 35.6980, 51.4115
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force SSH on Perth (Australia) honeypot
- raw
- inetnum: 79.175.128.0 - 79.175.191.255
  netname: IR-AFRANET-20071112
  org: ORG-AA32-RIPE
  country: IR
  admin-c: AFR81189-RIPE
  tech-c: AFR81189-RIPE
  status: ALLOCATED PA
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: AFRA-MNT-NESH-1
  mnt-routes: AFRA-MNT-NESH-1
  mnt-domains: AFRA-MNT-NESH-1
  created: 2007-11-12T10:55:42Z
  last-modified: 2019-04-15T05:49:32Z
  source: RIPE # Filtered

  organisation: ORG-AA32-RIPE
  org-name: Afranet
  country: IR
  org-type: LIR
  address: 7th Floor, No. 12, Sahand Street, Beheshti Avenue
  address: 15598-36111
  address: Tehran
  address: IRAN, ISLAMIC REPUBLIC OF
  phone: +982181180000
  fax-no: +982188737133
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-ref: AFRA-MNT-NESH-1
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: AFRA-MNT-NESH-1
  admin-c: MRA99-RIPE
  abuse-c: AFAR1000-RIPE
  created: 2004-04-17T11:28:03Z
  last-modified: 2020-12-16T13:43:18Z
  source: RIPE # Filtered

  person: Afranet Co
  address: No 12 ,Sahand St,Beheshti Ave,Tehran, Iran
  mnt-by: AFRA-MNT-NESH-1
  phone: +98-21-81180
  nic-hdl: AFR81189-RIPE
  created: 2009-10-17T10:58:44Z
  last-modified: 2018-02-12T10:21:00Z
  source: RIPE # Filtered

  route: 79.175.176.0/24
  descr: AFranet Co
  origin: AS25184
  mnt-by: AFRA-MNT-NESH-1
  created: 2013-02-17T05:12:20Z
  last-modified: 2013-02-17T05:12:20Z
  source: RIPE
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed
IOC Journey
Medium · First detected 1 year ago · Last seen 13 days ago
Appeared in 21 threat reports