Iran (IR) Threat Intelligence

IR

Iran has 25,357 malicious IP addresses with 733,513 abuse reports. Top threat categories include suspicious activity, severe abuse, ssh bruteforce, moderate threat, high threat. Top attacking networks: Iran Telecommunication Company PJS (4,037 IPs), Limited Network LTD (1,851 IPs), Farahoosh Dena PLC (1,642 IPs). Data collected since 2023-08-30, last activity 2026-07-06.

Threat Assessment: Iran shows substantial cyber threat activity, ranking among the top threat source countries worldwide. The dominant attack types are suspicious activity, severe abuse, ssh bruteforce. The majority of threats originate from networks operated by Iran Telecommunication Company PJS and Limited Network LTD.

Total Reports
733,513
Unique IPs
25,357
First Seen
2023-08-30
Last Activity
2026-07-06

Top Threat Categories

Suspicious Activity 20,341
Severe Abuse 5,943
Ssh Bruteforce 2,283
Moderate Threat 1,420
High Threat 909

Top Attacking Networks

AS58224 Iran Telecommunication Company PJS
4,037 IPs
AS213790 Limited Network LTD
1,851 IPs
AS44208 Farahoosh Dena PLC
1,642 IPs

Most Reported IPs in Iran

81.30.98.144 405 reports
81.30.98.49 404 reports
81.30.98.44 403 reports
81.30.98.158 402 reports
81.30.98.142 402 reports

Access this data via API

Get Iran threat intelligence programmatically.

curl https://ip.wayscloud.services/api/country/IR

View full API documentation

See how we classify and verify threats →

Check any IP from Iran

Look up threat intelligence for a specific IP address.

Related: Country Threat Ranking Country Risk Trends → Top Malicious IPs → AS58224 Intelligence AS213790 Intelligence AS44208 Intelligence Global Attack Trends Detect Malicious Traffic

Loading threat intelligence data...