IP · Medium · Signal 64/100
185.220.100.255
Location
Haßfurt, Bayern
ASN
AS205100
F3 Netze e.V
First Seen
Aug 26, 2020
Last Seen
Jun 4, 2026
Found in 48 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Network Information
Country
Germany
Region
Haßfurt, Bayern
ASN
AS205100
Organization
F3 Netze e.V
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
48
Source reports
64%
Confidence score
Category tags
Activity Timeline (Jun 4)
Threat Activity Heatmap (Peak: 2026-06-04)
24h: 0, Dormant
7d: 0, Dormant
30d: 1, Minimal
3mo: 1, Minimal
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 48
First seen: Aug 26, 2020
Last seen: Jun 4, 2026
Geolocation: DE
Country: Germany
Location: Haßfurt, Bayern
ASN: AS205100
Org: F3 Netze e.V
Coords: 50.0352, 10.5156
Proxy: VPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 185.220.100.240 - 185.220.100.255
  descr: Network for Tor-Exit traffic.
  remarks: -----------------------------------
  remarks: This network is used for Tor Exits.
  remarks: We do not have any logs at all.
  remarks: For more information please visit:
  remarks: https://www.torproject.org
  remarks: -----------------------------------
  remarks: Dieses Netz hostet nur Tor-Exits.
  remarks: Wir haben keinerlei Logs.
  remarks: Mehr Informationen unter:
  remarks: https://www.torproject.org
  remarks: -----------------------------------
  netname: TOR-EXIT
  country: DE
  admin-c: FN2977-RIPE
  tech-c: FN2977-RIPE
  status: ASSIGNED PA
  mnt-by: F3NETZE
  created: 2020-01-15T18:58:08Z
  last-modified: 2021-03-22T21:10:04Z
  source: RIPE
  org: ORG-FNE6-RIPE

  organisation: ORG-FNE6-RIPE
  org-name: F3 Netze e.V.
  country: DE
  org-type: OTHER
  address: Am Hafen 6
  address: 97437 Hassfurt
  address: DE
  abuse-c: AA32807-RIPE
  mnt-ref: F3NETZE
  mnt-ref: ZWIEBELFREUNDE
  mnt-by: F3NETZE
  created: 2017-11-06T17:07:57Z
  last-modified: 2022-12-01T17:12:28Z
  source: RIPE # Filtered

  role: F3Netze NOC
  address: F3 Netze e.V.
  address: Am Hafen 6
  address: 97437 Hassfurt
  address: Germany
  admin-c: TN3638-RIPE
  admin-c: CR8822-RIPE
  admin-c: FB15623-RIPE
  admin-c: TK7920-RIPE
  tech-c: TN3638-RIPE
  tech-c: CR8822-RIPE
  tech-c: FB15623-RIPE
  tech-c: TK7920-RIPE
  nic-hdl: FN2977-RIPE
  mnt-by: F3NETZE
  created: 2018-03-26T10:57:36Z
  last-modified: 2019-10-04T14:16:13Z
  source: RIPE # Filtered

  route: 185.220.100.0/24
  origin: AS205100
  mnt-by: F3NETZE
  created: 2018-02-18T18:17:41Z
  last-modified: 2018-02-18T18:17:41Z
  source: RIPE
- references
- https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://check.torproject.org/torbulkexitlist, https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 5 years ago · Last seen 6 days ago
Appeared in 48 threat reports