IP Intelligence Briefing: 185.220.100.240
*Generated via IPDebrief Analysis*
---
**Risk Profile**
- Reputation: High Risk (Risk Score: 70)
- Threat Indicators:
  - Identified as a Tor exit node (confirmed via multiple threat feeds).
  - Listed in 4 DNSBLs (DNS-based blackhole lists).
  - Observed Tor exit indicators in network traffic.
- Ownership:
  - Assigned to F3NETZE (ASN 205100), a German organization.
  - No abuse contact details publicly available.
- Geolocation:
  - Located in Amsterdam, Germany (latitude 51.17, longitude 10.45).
  - Geolocation accuracy radius: 400 km.
---
**Network Behavior**
- Services:
  - No open ports or active services detected.
  - TLS/HTTP services not observed.
- Network Role:
  - Classified as a Tor exit node (provider: Tor Exit Nodes).
  - No cloud, CDN, or mobile carrier associations.
- Subnet Analysis:
  - Part of 185.220.100.0/24 subnet.
  - Subnet abuse density: 0 (clean classification).
  - 15 sibling IPs in the subnet, all with medium-low risk (70/60 scores).
---
**Threat Observations**
- Historical Activity:
  - First observed on 2026-06-09 (likely test data or misreported timestamp).
  - No persistent malicious activity detected (threat observation count: 1).
- Relationships:
  - Linked to tor-exit-13.zbau.f3netze.de (DNS hostname).
  - No direct connections to known malicious organizations or campaigns.
---
**Recommendations**
1. Monitor Tor Exit Traffic:
   - This IP is a Tor exit node, which may be used for anonymized malicious activities.
   - Investigate traffic patterns associated with this IP for potential data exfiltration or command-and-control (C2) communications.
2. Block Tor Exit Nodes:
   - Add this IP to firewall rules (e.g., iptables/nftables) to restrict access to internal networks.
   - Consider blocking the entire 185.220.100.0/24 subnet if Tor exit node activity is a priority.
3. Verify DNS Associations:
   - Analyze the tor-exit-13.zbau.f3netze.de hostname for additional threat indicators.
4. Check Subnet Context:
   - While the subnet is clean, the IP's Tor exit role warrants closer scrutiny.
---
Note: This IP is associated with Tor infrastructure, which is inherently risky due to its anonymity capabilities. Ensure visibility into traffic flows originating from or terminating at this IP.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | F3NETZE |
| ASN | AS205100 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit-13.zbau.f3netze.de |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | tor-exit-13.zbau.f3netze.de |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:42 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 12:09:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 49 |