IP Intelligence Briefing: 185.220.100.252
Date: 2026-06-09
---
**Threat Assessment**
- Risk Score: 70/100 (High Risk)
- Threat Type: Tor Exit Node (confirmed)
- Provider: F3NETZE (Germany)
- Geolocation: Amsterdam, Germany (51.17°N, 10.45°E)
- Network Role: Tor exit node, classified as "Firewalled / No Services"
Key Indicators:
- Tor Exit Node: Strong signal (100% confidence) linked to `tor-exit-1.zbau.f3netze.de`.
- DNS Associations: Resolves to `tor-exit-1.zbau.f3netze.de` (F3NETZE domain).
- Subnet Risk: 15 neighbors in 185.220.100.0/24, with 100% of siblings scoring ≥55 risk. Subnet abuse density: 0% (clean).
---
**Ownership & Infrastructure**
- AS: AS205100 (F3NETZE)
- ISP: F3NETZE (Germany)
- Services: No open ports or TLS certificates detected.
- Routing: BGP prefix 185.220.100.0/24, stable route (no recent changes).
---
**Behavioral & Network Context**
- Historical Signals:
  - 1 observation of Tor exit node activity (2026-06-09).
  - DNSSEC valid, no CAA records detected.
- Subnet Activity:
  - 15 neighbors in the same /24 subnet.
  - 100% of siblings have ≥55 risk scores, indicating potential coordinated activity.
---
**Recommendations**
1. Monitor Traffic: Block or monitor traffic to/from this IP due to Tor exit node association.
2. Subnet Analysis: Investigate the 185.220.100.0/24 subnet for potential botnet or malicious activity.
3. DNS Monitoring: Watch for DNS queries to `tor-exit-1.zbau.f3netze.de` and related domains.
4. Threat Intelligence: Cross-reference with Tor exit node lists and dark web activity feeds.
Note: No direct malicious activity observed, but association with Tor infrastructure warrants vigilance.
---
Source: IPDebrief Threat Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | F3NETZE |
| ASN | AS205100 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit-1.zbau.f3netze.de |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | tor-exit-1.zbau.f3netze.de |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-22 13:35:42 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 12:09:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 50 |