IP · Medium · Signal 66/100
185.220.100.246
Location
Haßfurt, Bavaria
ASN
AS205100
F3 Netze e.V
First Seen
Aug 26, 2020
Last Seen
Jun 3, 2026
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Network Information
Country
Germany
Region
Haßfurt, Bavaria
ASN
AS205100
Organization
F3 Netze e.V
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
Source reports
38
Confidence score
66%
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 38
First seen: Aug 26, 2020
Last seen: Jun 3, 2026
Geolocation: DE
Country: Germany
Location: Haßfurt, Bavaria
ASN: AS205100
Org: F3 Netze e.V
Coords: 50.0263, 10.5157
IP category: Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
  inetnum: 185.220.100.240 - 185.220.100.255
  descr: Network for Tor-Exit traffic.
  remarks: -----------------------------------
  remarks: This network is used for Tor Exits.
  remarks: We do not have any logs at all.
  remarks: For more information please visit:
  remarks: https://www.torproject.org
  remarks: -----------------------------------
  remarks: Dieses Netz hostet nur Tor-Exits.
  remarks: Wir haben keinerlei Logs.
  remarks: Mehr Informationen unter:
  remarks: https://www.torproject.org
  remarks: -----------------------------------
  netname: TOR-EXIT
  country: DE
  admin-c: FN2977-RIPE
  tech-c: FN2977-RIPE
  status: ASSIGNED PA
  mnt-by: F3NETZE
  created: 2020-01-15T18:58:08Z
  last-modified: 2021-03-22T21:10:04Z
  source: RIPE
  org: ORG-FNE6-RIPE

  organisation: ORG-FNE6-RIPE
  org-name: F3 Netze e.V.
  country: DE
  org-type: OTHER
  address: Am Hafen 6
  address: 97437 Hassfurt
  address: DE
  abuse-c: AA32807-RIPE
  mnt-ref: F3NETZE
  mnt-ref: ZWIEBELFREUNDE
  mnt-by: F3NETZE
  created: 2017-11-06T17:07:57Z
  last-modified: 2022-12-01T17:12:28Z
  source: RIPE # Filtered

  role: F3Netze NOC
  address: F3 Netze e.V.
  address: Am Hafen 6
  address: 97437 Hassfurt
  address: Germany
  admin-c: TN3638-RIPE
  admin-c: CR8822-RIPE
  admin-c: FB15623-RIPE
  admin-c: TK7920-RIPE
  tech-c: TN3638-RIPE
  tech-c: CR8822-RIPE
  tech-c: FB15623-RIPE
  tech-c: TK7920-RIPE
  nic-hdl: FN2977-RIPE
  mnt-by: F3NETZE
  created: 2018-03-26T10:57:36Z
  last-modified: 2019-10-04T14:16:13Z
  source: RIPE # Filtered

  route: 185.220.100.0/24
  origin: AS205100
  mnt-by: F3NETZE
  created: 2018-02-18T18:17:41Z
  last-modified: 2018-02-18T18:17:41Z
  source: RIPE
IOC Journey
Confidence: medium · First detected 5 years ago · Last seen 10 days ago
Appeared in 38 threat reports