Demo Report — These are real Tor exit nodes with real AbuseIPDB data. This is what a HIGH-threat report looks like. Run your own lookup →
Community Intel Preview

When you generate your own report and opt in, ip2geo cross-references your IPs against anonymized data from other users this week. The Community column shows how many other ip2geo reports contained the same IP — corroborating active threats and flagging escalating campaigns.

This is what the Community column looks like in the Top Threat Sources table:

IPCategoryCommunity
185.220.101.xScanning23 reports
193.32.162.xVPN/Proxy8 reports
192.168.x.xResidential

Residential IPs are never collected. 52-week retention. Privacy policy

Try with your own IPs →

Threat Report

59 IPs · March 30, 2026

HIGH THREAT

This traffic matches a coordinated port scan originating from Stiftung Erneuerbare Freiheit (AS60729) and F3 Netze e.V. (AS205100) infrastructure. 80% of IPs are from known scanning infrastructure. The CIDR ranges below cover these networks permanently — blocking them stops the rotation.

AbuseIPDB independently verified 19 of 25 top IPs as known attackers (average confidence: 99%).

Analyzed 59 IPs, verified top threats against AbuseIPDB, extracted CIDR prefixes from 5 ASNs.

What to do next

  1. Download a block script below, or copy the CIDR ranges and add them to your firewall directly — blocking by range is more resilient as IPs rotate.
  2. Verify in your firewall logs that traffic from these sources drops within a few minutes.
  3. Check back in 48 hours: submit new logs to confirm the blocking worked.

ASN Ranges to Block

AS60729 Stiftung Erneuerbare Freiheit 3 ranges
185.177.207.0/24 185.220.101.0/24 185.220.102.0/24
AS205100 F3 Netze e.V. 1 range
185.220.100.0/24
AS16276 OVH SAS 2 ranges
5.39.50.0/24 5.39.0.0/17
AS9009 M247 Ltd 2 ranges
45.141.215.0/24 45.141.208.0/21
AS62240 Clouvider Ltd 1 range
192.241.128.0/21

Block Rules

Range-based rules stay valid as IPs rotate. Download a ready-to-run script, or plain text for paste-in to a web firewall or ipset.

Block Script Filter — 47 of 47 IPs in block scripts
ASN Categories
Countries ⇧ multi-select

Top Threat Sources — showing 25 of 25

IP ASN Org Category Hits AbuseIPDB
185.220.101.1 AS60729 Stiftung Erneuerbare Freiheit scanning 12x 100
185.220.101.2 AS60729 Stiftung Erneuerbare Freiheit scanning 10x 100
185.220.101.3 AS60729 Stiftung Erneuerbare Freiheit scanning 9x 100
185.220.101.4 AS60729 Stiftung Erneuerbare Freiheit scanning 8x 100
185.220.101.5 AS60729 Stiftung Erneuerbare Freiheit scanning 8x 100
185.220.101.6 AS60729 Stiftung Erneuerbare Freiheit scanning 7x 100
185.220.101.7 AS60729 Stiftung Erneuerbare Freiheit scanning 7x 100
185.220.101.8 AS60729 Stiftung Erneuerbare Freiheit scanning 6x 100
185.220.101.9 AS60729 Stiftung Erneuerbare Freiheit scanning 6x 100
185.220.101.10 AS60729 Stiftung Erneuerbare Freiheit scanning 5x 100
185.220.101.11 AS60729 Stiftung Erneuerbare Freiheit scanning 5x 100
185.220.101.12 AS60729 Stiftung Erneuerbare Freiheit scanning 4x 100
185.220.101.13 AS60729 Stiftung Erneuerbare Freiheit scanning 4x 100
185.220.101.14 AS60729 Stiftung Erneuerbare Freiheit scanning 4x 100
5.39.50.1 AS16276 OVH SAS scanning 4x 85
185.220.101.15 AS60729 Stiftung Erneuerbare Freiheit scanning 3x 100
5.39.50.2 AS16276 OVH SAS scanning 3x 74
45.141.215.1 AS9009 M247 Ltd vpn 3x 62
185.220.100.240 AS205100 F3 Netze e.V. scanning 2x 100
185.220.100.241 AS205100 F3 Netze e.V. scanning 2x 100
185.220.100.242 AS205100 F3 Netze e.V. scanning 2x 100
5.39.50.3 AS16276 OVH SAS scanning 2x 71
5.39.50.4 AS16276 OVH SAS scanning 2x 68
45.141.215.2 AS9009 M247 Ltd vpn 2x 55
45.141.215.3 AS9009 M247 Ltd vpn 2x 48

Top 25 by weighted frequency (scanning/VPN weighted 2×). Hits = times this IP appeared in your submitted log. AbuseIPDB score 0–100; a score of 0 means no community reports on file — common for Asian ISP ranges that are underreported in AbuseIPDB, not a signal the IP is clean.

View all 59 IPs   New Lookup