IOC Radar
IP · Medium · Signal 71/100

185.220.100.242

Location
Germany
Haßfurt, BY
ASN
AS205100
F3 Netze e.V
First Seen
Jun 5, 2020
Last Seen
Jun 8, 2026
Reports
49 source reports
Confidence
71% (medium)
Found in 49 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs
106 techniques

Network Information

Country
DE (Germany)
Region
Haßfurt, BY
ASN
AS205100
Organization
F3 Netze e.V

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports
49
Confidence score
71%
Category tags
abuse, abuseipdb, access, access control, acint, active scan, active scanning, adb, adb protocol, adbhoney activity, adbhoney honeypot, aerospace & defense, agent, agent tesla, alaska, alexa, alexa top, all octoseek, and exploitation attempts, android device attacks, anonymity network abuse, anonymity service, anonymization network, anonymization network traffic, anonymization networks, anonymization services, anonymization_network_origin, anonymization_service_traffic, anonymous proxies, anonymous proxy network, api services, appdata, apple, apple ios, application layer protocol, apt, apt28, apt29, apt41, artemis, asa, ascii text, asia, asnone united, asyncrat, attack, attack infrastructure, attack source, attack-vector:brute-force, attack-vector:port-scan, attacker ips, attacker-ip, australia, authentication, authentication abuse, authentication attempts, auto-generated security, automated attack, automated attacks, automated network attacks, automated threat, automated-attack, automated_attack, automated_attacks, automotive manufacturing, azorult, bad reputation, bad web bot, bangladesh, bank, banker, banking, bazaloader, bazarloader, blacklist http, blacklist https, blacklisted domain, blacklisted ip, blacklisted ips, blacklisted url, blockchain, blog spam, body, botnet, botnet activity, botnet c2, botnet communication, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, brute_force_attack, c2, c2 communication, cert, charming kitten, china, cisco asa, cisco asa targeted, cisco device, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco secure, cisco talos, cisco umbrella, cisco_devices, civil services, class, cleaner, click, cobalt strike, code execution, code injection, command & control, command and control, command execution, command injection, comment, communication protocol, compromised credentials, compromised host, compromised hosts, compromised system, compromised system detection, conduit, conpot activity, conpot honeypot, content delivery, core, covid19, cowrie, cowrie activity, cowrie attacks, cowrie emulation, cowrie honeypot, cowrie interactions, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential brute forcing, credential guessing, credential harvesting, credential stuffing, credential theft, credential-stuffing, credential_access, credential_access_attempts, credential_attack, credential_guessing, credential_stuffing, credit card services, cry kill, cryptocurrency, cyber security, cyber threat, dapato, darkforums, data encryption, data exfiltration, data store exposure, database attack, database attacks, database brute force, database probing, database security, ddos, ddos activity, ddos attack, ddos reflection, de, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, detection list, device management, dga domain, dionaea, dionaea activity, dionaea attacks, dionaea capture, dionaea honeypot, dionaea interactions, directory traversal, distributed attacks, dns, dns attack, domain, downldr, downloader, dropped, dropper, elasticpot honeypot, elasticsearch monitoring, electronics manufacturing, emotet, encpk, encrypt, encryption, engineering, enterprise networking, entries, enumeration, enumeration activity, error, et tor, europe, europe/asia, event-type:credential-access, event-type:initial-access, event-type:reconnaissance, executable file, exit, exit node, expired, exploit, exploit attempt, exploit attempts, exploit exploitation, exploit public-facing application, exploit targeting, exploit_attempts, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, exposed_ports, external access attempts, external threat, falcon, fali contacted, fali malicious, fatt, fatt signatures, file, files, finance, finance and insurance, financial services, financial technology, finland, firehol, firewall event, france, fraud orders, ftp, ftp attacks, ftp brute force, ftp brute-force, ftp_attempts, ftp_brute_force, ftp_protocol, fusioncore, generator, generic, generic exploit, generic malware, germany, government technology, groups, hacking, heralding activity, heur, honeynet connect, honeytrap data, honeytrap honeypot, honeytrap interactions, hostname, http brute force, http communication, http probing, http scanner, http scanning, http/s, http_brute_force, http_https, https, https communication, hunter, hybrid, i2p network, ics, ics attacks, ics security, ics/scada attacks, ics/scada systems, identity & access exploitation, iframe, images, imap, index, indicator, indicators, indicators of compromise, indicators_of_compromise, industrial automation, industrial control systems, industrial iot, industrial production, infected hosts, information technology, infostealer, infrastructure acquisition reconnaissance, initial access, initial access attempt, initial_access, initial_access_attempt, injection activity, injection attacks, internet storm, internet-facing, intrusion detection, iobit, ioc, iot attacks, iot security, iot systems, iot targeted, iot/ics attack, ipv4, ipv4 address, iran, irc communication, it infrastructure, japan unknown, kbell kallen, keep alive, keylogger, known tor, korea, democratic people's republic of, kwilson kmiller, lamp, lamp attack, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeting, lamp stack attack, lamp stack exploitation, lamp stack targeting, lamp vulnerability scan, lateral movement, lazarus group, lcia, linux, linux servers, linux systems, linux-server-attack, linux_servers, local, lockbit, log4j, log4shell, login attacks, login attempt, look, mailoney activity, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious activity detected, malicious domains, malicious email, malicious ip activity, malicious links, malicious login attempts, malicious network activity, malicious payload detection, malicious site, malicious software, malicious traffic, malicious urls, malicious-login-attempts, malicious_ip, malicious_ip_activity, malvertizing, malware, malware behaviour, malware c2, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware download, malware norad, malware site, manual, manufacturing technology, media, meta, meterpreter, military operations, million, miner, mirai, misc attack, mobile threat, modbus, modbus attacks, modbus protocol, monthly, moved, msil, mssql, muddywater, multi-protocol network scanning, name verdict, nanocore rat, nation-state, nation-state activity, nation-state actor, nation-state apt infrastructure, national security, net, netwire rc, network, network activity, network attacks, network device attacks, network device probing, network devices, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network intrusions, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network services, network traffic, network traffic analysis, network-based attack attempts, network_attack, network_device, network_enumeration, network_indicators, network_reconnaissance, networm, next, nextray, njrat, node traffic, noname057, north america, north-korea, oceania, open, open proxy, opencti, opportunistic attack, ot attacks, p0f, p0f signatures, p2p communication, passive dns, password attack, password attacks, pattern match, payment processing, paypal, perimeter devices, phish, phishing, phishing attack, phishing site, phishing trap, png, png image, poland, pony, port-scanning, possible botnet activity, possible credential stuffing, possible ddos activity, possible exploit attempt, possible intrusion attempt, possible malware distribution, possible malware propagation, possible mirai variant, possible reconnaissance, potential botnet activity, potential compromise, potential credential compromise, potential exploit, potential exploit activity, potential lateral movement, potential malicious activity, potential threat actor, potential_intrusion_attempt, predator, process injection, process manufacturing, protocol exploitation, protocol scanning, protocol-abuse, protocol:ftp, protocol:http, protocol:https, protocol:rdp, protocol:smtp, protocol:ssh, protocol:telnet, protocol_scanning, proxy, proxy abuse, proxy ips, proxy network, proxy server, proxy servers, public administration, public infrastructure, public policy, pulse pulses, qakbot, qbot, quality control, quasar, raccoon, ransom, ransomexx, ransomware, rdp attacks, rdp_attempts, rdp_brute_force, rdp_protocol, reconnaissance, reconnaissance activity, redis honeypot, redline, redline stealer, refresh, regulatory agencies, remcos, remote access, remote service exploitation, remote services, researched, resource hijacking, restart, rostpay, russia, russia unknown, s7comm, s7comm attacks, s7comm protocol, safe site, samples, scams & fraud, scan endpoints, scanner, scanning activity, script, scripting attacks, search, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer interactions, server, server exploitation, service, service discovery, service enumeration, service scan, service scanning, service_discovery, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp exploitation, sftp probing, sftp protocol, sftp-attack, shinyhunters, silk road, sip attacks, sip brute force, sip protocol, sip scan, sip scanning, site, slug, smb attacks, smb brute force, smokeloader, smtp, smtp attacks, smtp brute force, smtp probing, smtp scanning, social engineering, software development, spam, spam bot, spamhaus, span, spyrixkeylogger, spyware, sql injection, ssh, ssh attack, ssh attacks, ssh monitoring, ssh protocol, ssh-brute-force, ssh_attempts, ssh_brute_force, ssh_protocol, ssl certificate, stealer, strings, summary, supply chain attack, supply chain management, surface web, suricata alerts, suspected malicious activity, suspicious-udp, swrort, syn, syn scan, t-pot, t1001, t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1027, t1029, t1040, t1041, t1046, t1047, t1053, t1053.005, t1055, t1056.001, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1071.002, t1071.003, t1071.004, t1076, t1077, t1078, t1078.002, t1083, t1090, t1090 - proxy, t1090 proxy, t1090.002, t1090.003, t1098.004, t1105, t1110, t1110 brute force, t1110.001, t1110.002, t1110.003, t1110.004, t1114, t1132.002, t1133, t1176, t1189, t1190, t1203, t1204, t1204.001, t1204.002, t1210, t1486, t1491, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505.002, t1555, t1563, t1564.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1568, t1568.002, t1569, t1569.002, t1571, t1572, t1573, t1573.001, t1573.002, t1583, t1583.001, t1583.003, t1583.004, t1587.001, t1588, t1588.002, t1588.004, t1589, t1589.001, t1589.002, t1590, t1590.001, t1590.005, t1590.006, t1592, t1592.002, t1595, t1595 active scanning, t1595.001, t1595.002, t1595.003, tag count, tanner, tanner activity, tanner interactions, targeting database, tcp protocol, tcp scan, tcp scanning, team, telecommunications, telnet attacks, telnet threat, telnet-brute-force, telnet_attempts, telnet_protocol, tftp, threat, threat actor, threat actor infrastructure, threat detection, threat infrastructure, threat intelligence, threat intelligence feed, threat prevention, threat report, threat-actor:unattributed, threat_activity, threat_actor_activity, threat_intelligence, threat_intelligence_feed, tools, tor, tor activity, tor exit, tor exit node, tor network, tor network activity, tor node, tor-exit-nodes, tor-guard-nodes, tor_activity, tor_exit_node, tpot, traffic analysis, trojan, trojanspy, tsara brashears, tsec, turkey, twitter, type, udp port scan, udp scan, unattributed threat actor, unattributed_threat_activity, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized-access-attempt, union, united, united states, unknown threat actor, unsafe, urls, us-ak, validator, verify, vidar, vnc protocol, voip, voip attack, voip attacks, vpn, vpn gate, vpn ip, vpn network, vpn service, vpn traffic, vpn_activity, vulnerability scan, wacatac, wealth management, web apis, web app attack, web application attack, web application scan, web application scanning, web applications, web attack, web attacks, web development, web exploit attempt, web exploitation, web hosting, web infrastructure, web login, web scanner, web security, web server attacks, web servers, web service scanning, web services, web shell uploads, web spam, web technologies, web traffic, web-application-attack, web_application, web_attacks, windows nt, xcnfe, zallen wwilson, zbrooks zbell, zdavis, zhoward zbutler, zlong zlee, zortiz zmorris, zthomas ztaylor

Activity Timeline

1 total observation (Jun 8 to Jun 8)

Threat Activity Heatmap
Weekly grid from Jun to the following Jun (legend: Less to More); no observations plotted in the rendered cells.
24h
0 (Dormant)
7d
1 (Minimal)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
High Risk
Signal Score
71 / 100
Confidence
71%
Reports
49
First seen
Jun 5, 2020
Last seen
Jun 8, 2026
Geolocation
DE
Country
Germany
Location
Haßfurt, BY
ASN
AS205100
Org
F3 Netze e.V
Coords
49.4474, 11.0604
Categories
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 185.220.100.240 - 185.220.100.255
descr: Network for Tor-Exit traffic.
remarks: -----------------------------------
remarks: This network is used for Tor Exits.
remarks: We do not have any logs at all.
remarks: For more information please visit:
remarks: https://www.torproject.org
remarks: -----------------------------------
remarks: Dieses Netz hostet nur Tor-Exits.
remarks: Wir haben keinerlei Logs.
remarks: Mehr Informationen unter:
remarks: https://www.torproject.org
remarks: -----------------------------------
netname: TOR-EXIT
country: DE
admin-c: FN2977-RIPE
tech-c: FN2977-RIPE
status: ASSIGNED PA
mnt-by: F3NETZE
created: 2020-01-15T18:58:08Z
last-modified: 2021-03-22T21:10:04Z
source: RIPE
org: ORG-FNE6-RIPE

organisation: ORG-FNE6-RIPE
org-name: F3 Netze e.V.
country: DE
org-type: OTHER
address: Am Hafen 6
address: 97437 Hassfurt
address: DE
abuse-c: AA32807-RIPE
mnt-ref: F3NETZE
mnt-ref: ZWIEBELFREUNDE
mnt-by: F3NETZE
created: 2017-11-06T17:07:57Z
last-modified: 2022-12-01T17:12:28Z
source: RIPE # Filtered

role: F3Netze NOC
address: F3 Netze e.V.
address: Am Hafen 6
address: 97437 Hassfurt
address: Germany
admin-c: TN3638-RIPE
admin-c: CR8822-RIPE
admin-c: FB15623-RIPE
admin-c: TK7920-RIPE
tech-c: TN3638-RIPE
tech-c: CR8822-RIPE
tech-c: FB15623-RIPE
tech-c: TK7920-RIPE
nic-hdl: FN2977-RIPE
mnt-by: F3NETZE
created: 2018-03-26T10:57:36Z
last-modified: 2019-10-04T14:16:13Z
source: RIPE # Filtered

route: 185.220.100.0/24
origin: AS205100
mnt-by: F3NETZE
created: 2018-02-18T18:17:41Z
last-modified: 2018-02-18T18:17:41Z
source: RIPE
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://check.torproject.org/torbulkexitlist
https://github.com/telekom-security/tpotce
Exit_Nodes.csv
https://metrics.torproject.org/rs.html#toprelays
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/coralraider-targets-socialmedia-accounts.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/offlrouter-virus-causes-upload-confidential-documents-to-virustotal.txt
https://raw.githubusercontent.com/Cisco-Talos/IOCs/main/2024/04/starry-addax.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 6 years ago · Last seen 4 days ago
Appeared in 49 threat reports