Threat Report
51 IPs · April 12, 2026
HIGH THREAT
This traffic matches a coordinated port scan originating from Stiftung Erneuerbare Freiheit (AS60729) and F3 Netze e.V. (AS205100) infrastructure. 75% of IPs are from known scanning infrastructure. The CIDR ranges below cover these networks permanently — blocking them stops the rotation.
AbuseIPDB independently verified 25 of 25 top IPs as known attackers (average confidence: 100%).
ASN Ranges to Block
Block Rules
Ranges cover all current and future IPs from these networks — attackers rotate IPs, ranges don’t.
#!/bin/bash
# ip2geo threat report — iptables block rules (ASN ranges)
# Generated: 2026-05-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes
set -euo pipefail
iptables -A INPUT -s 185.177.207.0/24 -j DROP
iptables -A INPUT -s 185.220.101.0/24 -j DROP
iptables -A INPUT -s 185.220.102.0/24 -j DROP
iptables -A INPUT -s 185.220.100.0/24 -j DROP

#!/bin/bash
# ip2geo threat report — ufw block rules (ASN ranges)
# Generated: 2026-05-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes
set -euo pipefail
ufw deny from 185.177.207.0/24 to any
ufw deny from 185.220.101.0/24 to any
ufw deny from 185.220.102.0/24 to any
ufw deny from 185.220.100.0/24 to any

# ip2geo threat report — nginx geo block (ASN ranges)
# Generated: 2026-05-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes
# Usage: include this file inside a geo $blocked_ip { } block in nginx.conf
default 0;
185.177.207.0/24 1;
185.220.101.0/24 1;
185.220.102.0/24 1;
185.220.100.0/24 1;

# ip2geo threat report — CIDR ranges (plain list)
# Generated: 2026-05-19
# Token: 00000000-0000-0000-0000-000000000000
# 4 CIDR ranges covering scanning/VPN ASN prefixes
# One range per line — paste into ipset, web firewall, or any blocklist tool
185.177.207.0/24
185.220.101.0/24
185.220.102.0/24
185.220.100.0/24

Block Script Filter — 38 of 38 IPs in block scripts
Top Threat Sources — showing 25 of 25

| IP | ASN Org | Category | Hits | AbuseIPDB |
|---|---|---|---|---|
| 185.220.101.1 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 12x | 100 |
| 185.220.101.2 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 10x | 100 |
| 185.220.101.3 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 9x | 100 |
| 185.220.101.4 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 8x | 100 |
| 185.220.101.5 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 8x | 100 |
| 185.220.101.6 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 7x | 100 |
| 185.220.101.7 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 7x | 100 |
| 185.220.101.8 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 6x | 100 |
| 185.220.101.9 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 6x | 100 |
| 185.220.101.10 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 5x | 100 |
| 185.220.101.11 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 5x | 100 |
| 185.220.101.12 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 4x | 100 |
| 185.220.101.13 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 4x | 100 |
| 185.220.101.14 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 4x | 100 |
| 185.220.101.15 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 3x | 100 |
| 185.220.101.16 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 3x | 100 |
| 185.220.101.17 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 3x | 100 |
| 185.220.101.18 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 3x | 100 |
| 185.220.101.19 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 2x | 100 |
| 185.220.101.20 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 2x | 100 |
| 185.220.101.21 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 2x | 100 |
| 185.220.101.22 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 2x | 100 |
| 185.220.101.23 | AS60729 Stiftung Erneuerbare Freiheit | scanning | 2x | 100 |
| 185.220.100.240 | AS205100 F3 Netze e.V. | scanning | 2x | 100 |
| 185.220.100.241 | AS205100 F3 Netze e.V. | scanning | 2x | 100 |
Top 25 by weighted frequency (scanning/VPN weighted 2×). Hits = times this IP appeared in your submitted log. AbuseIPDB score 0–100; a score of 0 means no community reports on file — common for Asian ISP ranges that are underreported in AbuseIPDB, not a signal the IP is clean.