Threat LevelCRITICAL80/1002 rule types across 2 attack categories
5 incidents on record · 2 rule types · active attacker + blocklisted · last seen 2d ago · bulletproof hosting
| PTR | N/A |
| Org / ASN | Feo Prest SRL |
| Country | 🇩🇪 Germany |
| City | Augsburg, Bavaria |
| Timezone | Europe/Berlin |
Iranian Attack InfrastructureFEO PREST SRL (Iran)
This IP originates from an Iranian netblock (FEO PREST SRL range) that is among the most heavily reported attack infrastructure in global threat databases, with adjacent IPs accumulating over 326,000 independent abuse reports and 100% abuse confidence ratings. The scale and duration of abuse is consistent with state-adjacent or professionally-operated Iranian offensive infrastructure targeting servers globally.
Attack Analysis
IDS: Blocklist — Spamhaus DROP
This IP is on the Spamhaus DROP list — a dataset of netblocks hijacked or leased by professional spam and cybercrime operations with no legitimate users. Traffic from DROP-listed ranges is considered hostile by design. Blocking is unconditional.
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (5)
| Date | Severity | Description |
|---|---|---|
| 11 Jun 2026 - 02:09 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 64 |
| 11 Jun 2026 - 02:09 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 10 Jun 2026 - 18:57 | high | IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 64 |
| 10 Jun 2026 - 18:56 | high | IDS: Blocklist — Spamhaus DROP listed IP |
| 10 Jun 2026 - 18:56 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
EagleEye Intelligence