IP Address

185.218.138.12

IPv4 Public
US US
AS205997
Vlad Cojuhari
1,256 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
7/10 Threat
91% Confidence
1,256 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Moderate Risk
US
US Location
Vlad Cojuhari ASN 205997
1,256 Reports
Honeypot Data Source

Elevated Risk

IP 185.218.138.12 is a medium-high risk address associated with sustained port scanning activity detected across multiple automated honeypot sensors. With a threat level of 7/10 and an activity frequency score of 8/10, this IP has accumulated 1,199 total abuse reports over approximately three months, indicating persistent and systematic network reconnaissance rather than opportunistic or transient scanning.

The reporting window spans March 2026 through June 2026, with 20 recent reports specifically documenting port scanning behavior. Detection originated from 20 distinct automated honeypot sensors, yielding a 91% confidence score that the observed activity is malicious. Geographically located in the United States and operating under AS205997 (Vlad Cojuhari), this address exhibits a high-volume probing pattern consistent with dedicated reconnaissance infrastructure. The CiscoASA probe pattern documented in the attack data suggests targeted scanning of Cisco firewall and security appliance management interfaces, which are prevalent in enterprise environments worldwide.

Port scanning constitutes the reconnaissance phase of the cyberattack lifecycle, enabling threat actors to map network defenses, identify accessible services, and catalog potential entry points before launching targeted exploitation attempts. The specific focus on CiscoASA devices indicates interest in perimeter security hardware, which, if successfully compromised, could provide broad network access. The volume and consistency of reports over a three-month period suggest this scanning is methodical and goal-directed rather than random or incidental traffic.

Site operators should implement strict ingress firewall rules blocking unused ports and protocols, minimizing the attack surface exposed to external reconnaissance. Network monitoring tools should be configured to detect and alert on scanning patterns consistent with the activity observed. Deploying automated dynamic blocking solutions such as fail2ban can proactively deny repeated probes from high-risk addresses. Finally, organizations running CiscoASA or similar perimeter security devices should ensure management interfaces are not exposed to untrusted networks and are protected by strong authentication, access control lists, and regular security audits.

More threatening than 74% of monitored IPs

Threat Categories

Port Scan 30

Technical Details

Port scanning identifies open services and potential attack vectors on target systems as reconnaissance for attacks.

Recommended Mitigations

Minimize exposed services, implement firewall rules, and monitor for scanning patterns.

Behavioral Analysis

Activity Pattern: Sporadic

Irregular burst activity pattern indicates intermittent use of a compromised system.

First Observed 12. May 2026
Last Activity 9. June 2026
Recent (7 days) 182 incidents

Reputable Network

This IP is hosted on a network (ASN 205997) with generally good reputation. The ISP Vlad Cojuhari maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Implement adaptive blocking rules.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 7/10 High
High
Activity Frequency 8/10 High
Confidence Score 91% Verified

Confidence History

8. Jun 2026 - 9. Jun 2026
91% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
New Port Scan Honeypot 75%
10 of 1256 shown

Technical Details

Basic Information

IP Address
185.218.138.12
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class B

Geolocation

Country
US US
ASN
AS205997
ISP
Vlad Cojuhari

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
1,256
First Reported
2 Mar 2026
Last Reported
9 Jun 2026, 06:17

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS205997
Vlad Cojuhari
US US

Network Threat Assessment

1/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

9
Total IPs Monitored
4,334
Total Reports
481.6
Reports per IP

Network Context

This IP address belongs to Vlad Cojuhari (AS205997), which manages 9 IP addresses in our monitoring system. Out of these, 4,334 have been reported for suspicious activities, resulting in a network-wide threat level of 1/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

74 %

Global Threat Ranking

This IP is more threatening than 74% of all IPs in our database.

Above Average Threat

Global Comparison

Compared against 199,223 reported IPs worldwide

Threat Level 7/10 avg: 5.3 +
Total Reports 1,256 avg: 23 ++

Network Comparison

Compared against 12 IPs in ASN 205997

Threat Level 7/10 network avg: 7.8 =
Total Reports 1,256 network avg: 678 ++
Network Vlad Cojuhari has overall threat level 1/10

Geographic Comparison

Compared against 38,421 IPs in US

Threat Level 7/10 country avg: 5.9 +
Total Reports 1,256 country avg: 41 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

186,914 threat incidents tracked globally • Last 24h: 18,893 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    38,421 20.6%
  2. 02
    IN
    India IN
    28,931 15.5%
  3. 03
    CN
    China CN
    26,004 13.9%
  4. 04
    BR
    Brazil BR
    10,236 5.5%
  5. 05
    DE
    Germany DE
    7,138 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,522 3%
  8. 08
    RU
    Russia RU
    4,700 2.5%
  9. 09
    PK
    Pakistan PK
    4,646 2.5%
  10. 10
    NL
    Netherlands NL
    4,354 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same subnet range, likely same network segment.

8 Related IPs
7.8/10 Avg Threat
92% Avg Confidence
8 High Threat
High-risk network: Majority of related IPs are flagged
185.218.138.58 8/10
Confidence 94%
Reports 64
Location US US
28 Apr 2026
185.218.138.59 10/10
Confidence 94%
Reports 44
Location US US
28 Apr 2026
185.218.138.11 7/10
Confidence 91%
Reports 1,517
Location US US
9 Jun 2026
185.218.138.14 7/10
Confidence 91%
Reports 1,449
Location US US
9 Jun 2026
185.218.138.13 8/10
Confidence 91%
Reports 1,381
Location US US
9 Jun 2026
185.218.138.10 7/10
Confidence 91%
Reports 882
Location US US
17 May 2026
185.218.138.39 7/10
Confidence 91%
Reports 807
Location US US
17 May 2026
185.218.138.15 8/10
Confidence 91%
Reports 718
Location US US
9 May 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
208.109.188.137 8/10
Confidence 100%
Reports 513
ISP GO-DADDY-COM-LLC
9 Jun 2026
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.4/10 Avg Threat
91% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
172.110.223.33 8/10
Confidence 91%
Reports 6,480
Location HK HK
9 Jun 2026
94.154.35.215 10/10
Confidence 91%
Reports 5,696
Location NL NL
9 Jun 2026
176.65.149.224 10/10
Confidence 91%
Reports 4,961
Location NL NL
9 Jun 2026
176.65.149.67 10/10
Confidence 91%
Reports 4,060
Location NL NL
9 Jun 2026
176.65.149.30 10/10
Confidence 91%
Reports 3,885
Location NL NL
9 Jun 2026
194.50.16.198 8/10
Confidence 91%
Reports 2,443
Location NL NL
13 May 2026
91.92.243.76 8/10
Confidence 91%
Reports 1,757
Location US US
9 Jun 2026
185.218.138.11 7/10
Confidence 91%
Reports 1,517
Location US US
9 Jun 2026
185.218.138.14 7/10
Confidence 91%
Reports 1,449
Location US US
9 Jun 2026
137.184.112.192 8/10
Confidence 91%
Reports 1,418
Location US US
9 Jun 2026
185.218.138.13 8/10
Confidence 91%
Reports 1,381
Location US US
9 Jun 2026
88.210.63.3 8/10
Confidence 91%
Reports 1,372
Location UA UA
9 Jun 2026
92.63.197.80 8/10
Confidence 91%
Reports 1,346
Location UA UA
9 Jun 2026
92.63.197.79 8/10
Confidence 91%
Reports 1,328
Location UA UA
9 Jun 2026
88.210.63.5 8/10
Confidence 91%
Reports 1,303
Location UA UA
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "185.218.138.12",
    "threat_level": 7,
    "confidence_score": 91,
    "total_reports": 1256,
    "country_code": "US",
    "isp_name": "Vlad Cojuhari",
    "asn": "205997",
    "first_reported": "2026-03-02 22:43:36",
    "last_reported": "2026-06-09 06:17:52",
    "exported_at": "2026-06-09T07:04:36+02:00",
    "source": "https://reportedip.de/ip/185.218.138.12/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses