Iran (IR) Threat Intelligence

IR

Iran has 21,381 malicious IP addresses with 724,831 abuse reports. Top threat categories include suspicious activity, severe abuse, ssh bruteforce, moderate threat, high threat. Top attacking networks: Iran Telecommunication Company PJS (4,037 IPs), Limited Network LTD (1,851 IPs), Farahoosh Dena PLC (1,642 IPs). Data collected since 2023-08-30, last activity 2026-07-05.

Threat Assessment: Iran shows substantial cyber threat activity, ranking among the top threat source countries worldwide. The dominant attack types are suspicious activity, severe abuse, ssh bruteforce. The majority of threats originate from networks operated by Iran Telecommunication Company PJS and Limited Network LTD.

Total Reports
724,831
Unique IPs
21,381
First Seen
2023-08-30
Last Activity
2026-07-05

Top Threat Categories

Suspicious Activity 20,341
Severe Abuse 5,943
Ssh Bruteforce 2,265
Moderate Threat 1,420
High Threat 909

Top Attacking Networks

AS58224 Iran Telecommunication Company PJS
4,037 IPs
AS213790 Limited Network LTD
1,851 IPs
AS44208 Farahoosh Dena PLC
1,642 IPs

Most Reported IPs in Iran

81.30.98.144 398 reports
81.30.98.44 397 reports
81.30.98.49 397 reports
81.30.98.142 396 reports
81.30.98.158 396 reports

Access this data via API

Get Iran threat intelligence programmatically.

curl https://ip.wayscloud.services/api/country/IR

View full API documentation

See how we classify and verify threats →

Check any IP from Iran

Look up threat intelligence for a specific IP address.

Related: Country Threat Ranking Country Risk Trends → Top Malicious IPs → AS58224 Intelligence AS213790 Intelligence AS44208 Intelligence Global Attack Trends Detect Malicious Traffic

Loading threat intelligence data...