Check an IP Address, Domain Name, Subnet, or ASN

185.220.101.132 was found in our database!

$ whois 185.220.101.132

country·🇩🇪 Germany

city·Brandenburg

isp·Stiftung Erneuerbare Freiheit

asn·AS60729

network·Tor Exit Node

$ sikker risk 185.220.101.132scoring →

confidence

43%Medium

first_seen·Feb 28, 2026

last_seen·2h ago

sessions·16

events·16

$ sikker protocols 185.220.101.132

POSTGRES

10 / 10

RDP

2 / 2

SMB

2 / 2

SSH

2 / 2

$ sikker summary 185.220.101.132

185.220.101.132 has a threat confidence score of 43%. This IP address from Germany (AS60729, Stiftung Erneuerbare Freiheit) has been observed in 16 honeypot sessions targeting POSTGRES, RDP, SMB, SSH protocols. This IP is a known Tor exit node. First observed on February 28, 2026, most recently active April 30, 2026.

$ sikker behaviors 185.220.101.132catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

$ sikker primitives 185.220.101.132

smb_empty_rpc_call1 smb_ipc_share_access1 smb_netlogon_share_access1 rdp_legacy_plaintext_authenthication1

$ sikker related 185.220.101.132

🇩🇪·More threats fromGermany→AS·More threats fromStiftung Erneuerbare Freiheit→POST·More threats targetingPOSTGRES→RDP·More threats targetingRDP→SMB·More threats targetingSMB→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.220.101.153	75%	170
185.220.101.186	81%	79
185.220.101.137	35%	12
185.220.101.146	75%	48
185.220.101.181	48%	20

IP Address	Confidence	Events
136.243.146.61	95%	22
193.24.211.52	80%	186
159.100.20.23	77%	223
89.163.204.62	87%	96,159
208.115.224.247	97%	310