Threat Report

Demo Report — These are real Tor exit nodes with real AbuseIPDB data. This is what a HIGH-threat report looks like. Run your own lookup →

51 IPs · April 12, 2026

HIGH THREAT

51 IPs analyzed 75% scanning/proxy 2 ASNs AbuseIPDB avg 100%

This traffic matches a coordinated port scan originating from Stiftung Erneuerbare Freiheit (AS60729) and F3 Netze e.V. (AS205100) infrastructure. 75% of IPs are from known scanning infrastructure. The CIDR ranges below cover these networks permanently — blocking them stops the rotation.

AbuseIPDB independently verified 25 of 25 top IPs as known attackers (average confidence: 100%).

ASN Ranges to Block

AS60729 Stiftung Erneuerbare Freiheit 3 ranges

185.177.207.0/24 185.220.101.0/24 185.220.102.0/24

AS205100 F3 Netze e.V. 1 range

185.220.100.0/24

Block Rules

Click a format to preview, then copy or download.

Block by Range

Block by IP

Ranges cover all current and future IPs from these networks — attackers rotate IPs, ranges don’t.

↓ Download

#!/bin/bash
# ip2geo threat report — iptables block rules (ASN ranges)
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes

set -euo pipefail
iptables -A INPUT -s 185.177.207.0/24 -j DROP
iptables -A INPUT -s 185.220.101.0/24 -j DROP
iptables -A INPUT -s 185.220.102.0/24 -j DROP
iptables -A INPUT -s 185.220.100.0/24 -j DROP

↓ Download

#!/bin/bash
# ip2geo threat report — ufw block rules (ASN ranges)
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes

set -euo pipefail
ufw deny from 185.177.207.0/24 to any
ufw deny from 185.220.101.0/24 to any
ufw deny from 185.220.102.0/24 to any
ufw deny from 185.220.100.0/24 to any

↓ Download

# ip2geo threat report — nginx geo block (ASN ranges)
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 4 CIDR ranges covering scanning/VPN ASN prefixes
# Usage: include this file inside a geo $blocked_ip { } block in nginx.conf

default 0;
185.177.207.0/24 1;
185.220.101.0/24 1;
185.220.102.0/24 1;
185.220.100.0/24 1;

↓ Download

# ip2geo threat report — CIDR ranges (plain list)
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# 4 CIDR ranges covering scanning/VPN ASN prefixes
# One range per line — paste into ipset, web firewall, or any blocklist tool
185.177.207.0/24
185.220.101.0/24
185.220.102.0/24
185.220.100.0/24

↓ Download

#!/bin/bash
# ip2geo threat report — iptables block rules
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 38 IPs flagged as scanning / proxy infrastructure

set -euo pipefail
iptables -A INPUT -s 185.220.101.1 -j DROP
iptables -A INPUT -s 185.220.101.2 -j DROP
iptables -A INPUT -s 185.220.101.3 -j DROP
iptables -A INPUT -s 185.220.101.4 -j DROP
iptables -A INPUT -s 185.220.101.5 -j DROP
iptables -A INPUT -s 185.220.101.6 -j DROP
iptables -A INPUT -s 185.220.101.7 -j DROP
iptables -A INPUT -s 185.220.101.8 -j DROP
iptables -A INPUT -s 185.220.101.9 -j DROP
iptables -A INPUT -s 185.220.101.10 -j DROP
iptables -A INPUT -s 185.220.101.11 -j DROP
iptables -A INPUT -s 185.220.101.12 -j DROP
iptables -A INPUT -s 185.220.101.13 -j DROP
iptables -A INPUT -s 185.220.101.14 -j DROP
iptables -A INPUT -s 185.220.101.15 -j DROP
iptables -A INPUT -s 185.220.101.16 -j DROP
iptables -A INPUT -s 185.220.101.17 -j DROP
iptables -A INPUT -s 185.220.101.18 -j DROP
iptables -A INPUT -s 185.220.101.19 -j DROP
iptables -A INPUT -s 185.220.101.20 -j DROP
iptables -A INPUT -s 185.220.101.21 -j DROP
iptables -A INPUT -s 185.220.101.22 -j DROP
iptables -A INPUT -s 185.220.101.23 -j DROP
iptables -A INPUT -s 185.220.100.240 -j DROP
iptables -A INPUT -s 185.220.100.241 -j DROP
iptables -A INPUT -s 185.220.101.24 -j DROP
iptables -A INPUT -s 185.220.101.25 -j DROP
iptables -A INPUT -s 185.220.100.242 -j DROP
iptables -A INPUT -s 185.220.100.243 -j DROP
iptables -A INPUT -s 185.220.100.244 -j DROP
iptables -A INPUT -s 185.220.100.245 -j DROP
iptables -A INPUT -s 185.220.100.246 -j DROP
iptables -A INPUT -s 185.220.100.247 -j DROP
iptables -A INPUT -s 185.220.100.248 -j DROP
iptables -A INPUT -s 185.220.100.249 -j DROP
iptables -A INPUT -s 185.220.100.250 -j DROP
iptables -A INPUT -s 185.220.100.251 -j DROP
iptables -A INPUT -s 185.220.100.252 -j DROP

↓ Download

#!/bin/bash
# ip2geo threat report — ufw block rules
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 38 IPs flagged as scanning / proxy infrastructure

set -euo pipefail
ufw deny from 185.220.101.1 to any
ufw deny from 185.220.101.2 to any
ufw deny from 185.220.101.3 to any
ufw deny from 185.220.101.4 to any
ufw deny from 185.220.101.5 to any
ufw deny from 185.220.101.6 to any
ufw deny from 185.220.101.7 to any
ufw deny from 185.220.101.8 to any
ufw deny from 185.220.101.9 to any
ufw deny from 185.220.101.10 to any
ufw deny from 185.220.101.11 to any
ufw deny from 185.220.101.12 to any
ufw deny from 185.220.101.13 to any
ufw deny from 185.220.101.14 to any
ufw deny from 185.220.101.15 to any
ufw deny from 185.220.101.16 to any
ufw deny from 185.220.101.17 to any
ufw deny from 185.220.101.18 to any
ufw deny from 185.220.101.19 to any
ufw deny from 185.220.101.20 to any
ufw deny from 185.220.101.21 to any
ufw deny from 185.220.101.22 to any
ufw deny from 185.220.101.23 to any
ufw deny from 185.220.100.240 to any
ufw deny from 185.220.100.241 to any
ufw deny from 185.220.101.24 to any
ufw deny from 185.220.101.25 to any
ufw deny from 185.220.100.242 to any
ufw deny from 185.220.100.243 to any
ufw deny from 185.220.100.244 to any
ufw deny from 185.220.100.245 to any
ufw deny from 185.220.100.246 to any
ufw deny from 185.220.100.247 to any
ufw deny from 185.220.100.248 to any
ufw deny from 185.220.100.249 to any
ufw deny from 185.220.100.250 to any
ufw deny from 185.220.100.251 to any
ufw deny from 185.220.100.252 to any

↓ Download

# ip2geo threat report — nginx geo block (individual IPs)
# Generated: 2026-04-19
# Token: 00000000-0000-0000-0000-000000000000
# Block 38 IPs flagged as scanning / proxy infrastructure
# Usage: include this file inside a geo $blocked_ip { } block in nginx.conf

default 0;
185.220.101.1 1;
185.220.101.2 1;
185.220.101.3 1;
185.220.101.4 1;
185.220.101.5 1;
185.220.101.6 1;
185.220.101.7 1;
185.220.101.8 1;
185.220.101.9 1;
185.220.101.10 1;
185.220.101.11 1;
185.220.101.12 1;
185.220.101.13 1;
185.220.101.14 1;
185.220.101.15 1;
185.220.101.16 1;
185.220.101.17 1;
185.220.101.18 1;
185.220.101.19 1;
185.220.101.20 1;
185.220.101.21 1;
185.220.101.22 1;
185.220.101.23 1;
185.220.100.240 1;
185.220.100.241 1;
185.220.101.24 1;
185.220.101.25 1;
185.220.100.242 1;
185.220.100.243 1;
185.220.100.244 1;
185.220.100.245 1;
185.220.100.246 1;
185.220.100.247 1;
185.220.100.248 1;
185.220.100.249 1;
185.220.100.250 1;
185.220.100.251 1;
185.220.100.252 1;

No console/SSH access? Block IPs directly from your hosting panel instead:

cPanel IP Blocker (Namecheap, GoDaddy, Bluehost, most shared hosts)
Plesk IP Ban (another common shared host panel)
Cloudflare IP Access Rules (if your site is proxied through Cloudflare)
DigitalOcean Cloud Firewall
Hetzner Cloud Firewall

What to paste: Expand cidr-ranges.txt above and copy the list — one range per line, works with all panels above. If your panel only accepts single IPs, copy them from the Top Threat Sources table instead.

Block Script Filter — 38 of 38 IPs in block scripts

ASN Categories Scanning (38)

Countries ⇧ multi-select

DE (38)

Top Threat Sources — showing 25 of 25

IP	ASN Org	Category	Hits	AbuseIPDB
185.220.101.1	AS60729 Stiftung Erneuerbare Freiheit	scanning	12x	100
185.220.101.2	AS60729 Stiftung Erneuerbare Freiheit	scanning	10x	100
185.220.101.3	AS60729 Stiftung Erneuerbare Freiheit	scanning	9x	100
185.220.101.4	AS60729 Stiftung Erneuerbare Freiheit	scanning	8x	100
185.220.101.5	AS60729 Stiftung Erneuerbare Freiheit	scanning	8x	100
185.220.101.6	AS60729 Stiftung Erneuerbare Freiheit	scanning	7x	100
185.220.101.7	AS60729 Stiftung Erneuerbare Freiheit	scanning	7x	100
185.220.101.8	AS60729 Stiftung Erneuerbare Freiheit	scanning	6x	100
185.220.101.9	AS60729 Stiftung Erneuerbare Freiheit	scanning	6x	100
185.220.101.10	AS60729 Stiftung Erneuerbare Freiheit	scanning	5x	100
185.220.101.11	AS60729 Stiftung Erneuerbare Freiheit	scanning	5x	100
185.220.101.12	AS60729 Stiftung Erneuerbare Freiheit	scanning	4x	100
185.220.101.13	AS60729 Stiftung Erneuerbare Freiheit	scanning	4x	100
185.220.101.14	AS60729 Stiftung Erneuerbare Freiheit	scanning	4x	100
185.220.101.15	AS60729 Stiftung Erneuerbare Freiheit	scanning	3x	100
185.220.101.16	AS60729 Stiftung Erneuerbare Freiheit	scanning	3x	100
185.220.101.17	AS60729 Stiftung Erneuerbare Freiheit	scanning	3x	100
185.220.101.18	AS60729 Stiftung Erneuerbare Freiheit	scanning	3x	100
185.220.101.19	AS60729 Stiftung Erneuerbare Freiheit	scanning	2x	100
185.220.101.20	AS60729 Stiftung Erneuerbare Freiheit	scanning	2x	100
185.220.101.21	AS60729 Stiftung Erneuerbare Freiheit	scanning	2x	100
185.220.101.22	AS60729 Stiftung Erneuerbare Freiheit	scanning	2x	100
185.220.101.23	AS60729 Stiftung Erneuerbare Freiheit	scanning	2x	100
185.220.100.240	AS205100 F3 Netze e.V.	scanning	2x	100
185.220.100.241	AS205100 F3 Netze e.V.	scanning	2x	100

Top 25 by weighted frequency (scanning/VPN weighted 2×). Hits = times this IP appeared in your submitted log. AbuseIPDB score 0–100; a score of 0 means no community reports on file — common for Asian ISP ranges that are underreported in AbuseIPDB, not a signal the IP is clean.

Community Intel Preview

Community Intel is available on paid reports. When you opt in, ip2geo cross-references your IPs against anonymized data from other users this week. The Community column shows how many other ip2geo reports contained the same IP — corroborating active threats and flagging escalating campaigns.

This is what the Community column looks like in the Top Threat Sources table:

IP	Category	Community
185.220.101.x	Scanning	23 reports
193.32.162.x	VPN/Proxy	8 reports
192.168.x.x	Residential	—

Residential IPs are never collected. 52-week retention. Privacy policy

Try with your own IPs →

View all 51 IPs New Lookup