Iran (IR) Threat Intelligence

IR

Iran has 16,942 malicious IP addresses with 544,811 abuse reports. Top threat categories include suspicious activity, severe abuse, ssh bruteforce, moderate threat, high threat. Top attacking networks: Iran Telecommunication Company PJS (3,095 IPs), Farahoosh Dena PLC (1,607 IPs), Afranet (1,094 IPs). Data collected since 2023-08-30, last activity 2026-04-05.

Threat Assessment: Iran shows substantial cyber threat activity, ranking among the top threat source countries worldwide. The dominant attack types are suspicious activity, severe abuse, ssh bruteforce. The majority of threats originate from networks operated by Iran Telecommunication Company PJS and Farahoosh Dena PLC.

Total Reports
544,811
Unique IPs
16,942
First Seen
2023-08-30
Last Activity
2026-04-05

Top Threat Categories

Suspicious Activity 20,341
Severe Abuse 5,943
Ssh Bruteforce 1,987
Moderate Threat 1,420
High Threat 909

Top Attacking Networks

AS58224 Iran Telecommunication Company PJS
3,095 IPs
AS44208 Farahoosh Dena PLC
1,607 IPs
AS25184 Afranet
1,094 IPs

Most Reported IPs in Iran

62.60.131.157 693 reports
79.175.151.48 242 reports
185.116.160.35 242 reports
78.109.200.147 239 reports
185.213.165.65 238 reports

Access this data via API

Get Iran threat intelligence programmatically.

curl https://ip.wayscloud.services/api/country/IR

View full API documentation

See how we classify and verify threats →

Check any IP from Iran

Look up threat intelligence for a specific IP address.

Related: Country Threat Ranking Country Risk Trends → Top Malicious IPs → AS58224 Intelligence AS44208 Intelligence AS25184 Intelligence Global Attack Trends Detect Malicious Traffic

Loading threat intelligence data...