185.220.101.144
IP Intelligence Briefing: 185.220.101.144
Date: 2026-06-09
**Key Findings**
1. Threat Indicators:
- Tor Exit Node: Confirmed as a Tor exit relay (PTR hostname: `tor-exit-144.relayon.org`).
- Risk Score: 70/100 (High Risk), flagged for Tor exit activity and potential abuse.
- Abuse Density: Subnet (`185.220.101.0/24`) has 0.7% abuse density, with 1 high-risk neighbor.
2. Ownership & Geolocation:
- ASN 60729: Owned by CIA TRIAD SECURITY LLC (RIPE registry).
- Geolocation: Listed as Brandenburg an der Havel, Germany (latitude/longitude missing), but IP metadata suggests U.S. origin. Discrepancy noted.
3. Network Role:
- Identified as a Tor Exit Node with no open services or TLS certificates.
- No cloud, CDN, or residential indicators.
4. Observation History:
- Single observation recorded (June 9, 2026) with moderate confidence (0.60).
- No persistent malicious activity or campaign correlations.
5. Relationships:
- Linked to RELAYON network (Tor relay infrastructure).
- No direct ties to known attackers or spam sources.
6. Recommended Actions:
- Block via Firewall:
- `iptables -A INPUT -s 185.220.101.144 -j DROP`
- `nft add rule inet filter input ip saddr 185.220.101.144 drop`
- Monitor Traffic: Increase logging verbosity for anonymous traffic originating from this IP.
**Conclusion**
This IP is a Tor exit node associated with a low-visibility relay. While the subnet has minimal abuse density, the high risk score and Tor exit indicators warrant close monitoring. SOC teams should block this IP and validate geolocation discrepancies. No immediate signs of active exploitation, but its role in Tor infrastructure may pose indirect risks.
Source: IPDebrief Threat Intelligence Platform.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | CIA TRIAD SECURITY LLC |
| ASN | AS60729 |
| Network Name | β |
| CIDR Block | β |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | tor-exit-144.relayon.org |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | tor-exit-144.relayon.org |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 13:35:41 UTC |
| Last Seen | 2026-06-26 21:06:48 UTC |
| Profile Built | 2026-06-27 17:44:17 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 49 |
Full dossier details are available via our API.