IP Intelligence Briefing: 185.220.101.140
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: Moderate (55/100) | Provider Score: N/A | Authority Score: N/A
- Ownership: Registered to CIA TRIAD SECURITY LLC (AS60729, RIPE).
- Geolocation:
  - Country: United States (US) | Region: Brandenburg (Germany)
  - City: Brandenburg an der Havel | Coordinates: 52.6171°N, 13.1207°E
  - Accuracy: 3,750 km radius (geo-plausible).
- Network Role: Identified as a Tor Exit Node (provider: Tor Exit Nodes).
---
**2. Threat Indicators**
- No Direct Threats: No malicious indicators, spam, or known attacker associations.
- DNS Listings:
  - Listed in 3/8 DNSBLs (e.g., Spamhaus, Project Honey Pot).
  - Risk Category: Low severity (e.g., "high" severity listings).
- Tor Exit Risks:
  - Tor exits are often used for anonymity but can be exploited for C2, data exfiltration, or phishing.
---
**3. Observation History (Last 30 Days)**
- Stability: Unstable (route changes detected).
- Geolocation Consistency: 5 probes confirmed (avg RTT: 110.6 ms, min RTT: 107 ms).
- DNS Activity:
  - PTR hostname: `tor-exit-140.relayon.org`.
- No active services or TLS certificates detected.
---
**4. Relationships & Network Context**
- Linked Entities:
  - Network: "RELAYON" (likely Tor-related infrastructure).
  - Subnet: `185.220.101.0/24` (142 IPs total).
- Neighbors:
  - Abuse Density: 0.7% (low).
  - High-Risk Neighbors: 1 (185.220.101.140/24).
  - Clean Subnet: Most IPs are low-risk, but 94 IPs are medium-risk.
---
**5. Recommendations**
- Monitor Traffic: Due to Tor exit status, monitor for C2 activity or data exfiltration.
- Block/Rate-Limit: Consider blocking traffic from this subnet if it's part of a larger malicious network.
- Verify Ownership: Cross-check CIA TRIAD SECURITY LLC's legitimacy (AS60729).
- Geolocation Discrepancy: Investigate why the IP reports a US country code but is located in Germany.
---
Conclusion:
The IP is a Tor exit node registered to a security LLC, with no direct malicious activity detected. However, Tor exits are inherently risky and should be treated as potential vectors for advanced threats. Prioritize monitoring and restrict access if the network is part of a larger suspicious infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | CIA TRIAD SECURITY LLC |
| ASN | AS60729 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit-140.relayon.org |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | tor-exit-140.relayon.org |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 19% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:41 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 17:40:47 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 49 |