IP Intelligence Briefing: 185.220.101.39
*Generated via IPDebrief Analysis*
---
**Key Findings**
1. Threat Profile:
- High Risk: Score of 70 (Tor exit node indicator).
- Tor Exit Node: Confirmed as a Tor exit node, associated with `tor-exit-39.for-privacy.net`.
- Geolocation: Brandenburg, Germany (latitude 51.17, longitude 10.45).
- Ownership: Managed by FORPRIVACYNET-MNT (RIPE registry), with abuse contact available.
2. Network Behavior:
- Subnet: 185.220.101.0/24.
- Subnet Risk: Abuse density of 5.63%, with 8 malicious siblings detected.
- BGP Data: Route stability confirmed; AS path includes 6939 (Cogent Communications), 29670 (D-Link), and 60729 (FORPRIVACYNET-MNT).
3. Threat Indicators:
- Tor Exit Node: Observed as a Tor exit node, which can be used for anonymizing malicious traffic.
- DNS Associations: Linked to `tor-exit-39.for-privacy.net` (hostname).
4. Historical Observations:
- First recorded in 2026; no significant changes in risk profile.
- Consistent Tor exit node activity, with no evidence of pivoting or lateral movement.
5. Relationships:
- Connected to other Tor exit nodes and the `tor-exit-39.for-privacy.net` hostname.
- No direct links to known malicious campaigns or C2 infrastructure.
---
**Recommended Actions**
- Monitor Traffic: Track traffic originating from this IP, as Tor exit nodes are often used in phishing, malware distribution, and data exfiltration.
- Block if Unnecessary: If this IP is not part of legitimate Tor usage, consider blocking it to mitigate potential risks.
- Investigate Subnet: Review the 185.220.101.0/24 subnet for additional Tor-related activity due to the presence of malicious siblings.
---
**Conclusion**
The IP 185.220.101.39 is a Tor exit node associated with a privacy-focused network. While it may have legitimate use cases, its high-risk profile and Tor association warrant close monitoring. SOC teams should prioritize inspecting traffic from this IP and its subnet for signs of malicious activity.
*Data sourced from IPDebrief threat intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | FORPRIVACYNET-MNT |
| ASN | AS60729 |
| Network Name | - |
| CIDR Block | 185.220.101.0/24 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit-39.for-privacy.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | tor-exit-39.for-privacy.net |
DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 26% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:48 UTC |
| Last Seen | 2026-06-26 21:06:51 UTC |
| Profile Built | 2026-06-27 15:38:51 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 55 |