IOC Radar
IP · Medium · Signal 76/100

185.220.100.240

Location: Germany (Haßfurt, BY)
ASN: AS205100 (F3 Netze e.V)
First Seen: Aug 26, 2020 (2124d ago)
Last Seen: Jun 18, 2026 (2d ago)
Reports: 51 source reports
Confidence: 76% (medium)
Found in 51 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 76%
Signal Score: 76 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

92 techniques

Network Information

Country: DE (Germany)
Region: Haßfurt, BY
ASN: AS205100
Organization: F3 Netze e.V

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 51
Confidence score: 76%

Activity Timeline

1 total obs (Jun 18 to Jun 18)

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 76
Confidence: 76%
Reports: 51
First seen: Aug 26, 2020
Last seen: Jun 18, 2026
Geolocation: DE
Country: Germany
Location: Haßfurt, BY
ASN: AS205100
Org: F3 Netze e.V
Coords: 49.4474, 11.0604
IP Category: Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 185.220.100.240 - 185.220.100.255
descr: Network for Tor-Exit traffic.
remarks: -----------------------------------
remarks: This network is used for Tor Exits.
remarks: We do not have any logs at all.
remarks: For more information please visit:
remarks: https://www.torproject.org
remarks: -----------------------------------
remarks: Dieses Netz hostet nur Tor-Exits.
remarks: Wir haben keinerlei Logs.
remarks: Mehr Informationen unter:
remarks: https://www.torproject.org
remarks: -----------------------------------
netname: TOR-EXIT
country: DE
admin-c: FN2977-RIPE
tech-c: FN2977-RIPE
status: ASSIGNED PA
mnt-by: F3NETZE
created: 2020-01-15T18:58:08Z
last-modified: 2021-03-22T21:10:04Z
source: RIPE
org: ORG-FNE6-RIPE

organisation: ORG-FNE6-RIPE
org-name: F3 Netze e.V.
country: DE
org-type: OTHER
address: Am Hafen 6
address: 97437 Hassfurt
address: DE
abuse-c: AA32807-RIPE
mnt-ref: F3NETZE
mnt-ref: ZWIEBELFREUNDE
mnt-by: F3NETZE
created: 2017-11-06T17:07:57Z
last-modified: 2022-12-01T17:12:28Z
source: RIPE # Filtered

role: F3Netze NOC
address: F3 Netze e.V.
address: Am Hafen 6
address: 97437 Hassfurt
address: Germany
admin-c: TN3638-RIPE
admin-c: CR8822-RIPE
admin-c: FB15623-RIPE
admin-c: TK7920-RIPE
tech-c: TN3638-RIPE
tech-c: CR8822-RIPE
tech-c: FB15623-RIPE
tech-c: TK7920-RIPE
nic-hdl: FN2977-RIPE
mnt-by: F3NETZE
created: 2018-03-26T10:57:36Z
last-modified: 2019-10-04T14:16:13Z
source: RIPE # Filtered

route: 185.220.100.0/24
origin: AS205100
mnt-by: F3NETZE
created: 2018-02-18T18:17:41Z
last-modified: 2018-02-18T18:17:41Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/platformbuilds/Tor-IP-Addresses/refs/heads/master/tor-exit-nodes.lst
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://check.torproject.org/torbulkexitlist
https://list.rtbh.com.tr/output.txt
Exit_Nodes.csv
https://metrics.torproject.org/rs.html#toprelays
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/coralraider-targets-socialmedia-accounts.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/offlrouter-virus-causes-upload-confidential-documents-to-virustotal.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/starry-addax.txt
https://arcticwolf.com/resources/blog/password-spraying-activity-targeting-various-vpn-appliances-firewalls-and-other-public-web-based-applications/
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html

IOC Journey

medium
First detected 5 years ago · Last seen 2 days ago
Appeared in 51 threat reports