IP Intelligence Briefing: 185.243.218.225/32
*Generated via IPDebrief Threat Intelligence Platform*
---
**Key Risk Indicators**
- Risk Score: 59 (Moderate Risk)
- Threat Type: Tor exit node activity detected
- Network Role: Identified as a Tor Exit Node (multi-service host)
- Geolocation: Norway (Sandefjord), registered to AS56655-MNT
---
**Threat Observations**
- Tor Exit Indicators: Confirmed Tor exit node activity, potentially used for anonymized malicious traffic.
- Services:
  - Open ports: HTTP (80), SSH (22)
  - Server banner: Apache/2.4.58 (Ubuntu)
  - TLS/SSL: No certificate data reported
- DNS: PTR record points to `tor-exit.lokodlare.com` (hosted domain: `lokodlare.com`).
- Subnet Abuse: Subnet `185.243.218.0/24` has 28.57% abuse density, with 2 of 7 sibling IPs flagged as moderate/high risk.
---
**Network Relationships**
- Shared Network: Linked to GIGAHOST-NET (AS56655).
- Neighbor IPs:
  - 185.243.218.226 (Risk: 25)
  - 185.243.218.229–233 (Risk: 25–66)
  - 185.243.218.231 (Risk: 59, same as target)
- Subnet Classification: Mixed (legitimate and risky IPs).
---
**Historical Trends**
- Signal Stability: Minimal risk score (0.25) observed over 49 data points (June 15–16, 2026).
- Threat Persistence: No long-term malicious activity detected; threat observation count: 1.
---
**Recommended Actions**
1. Monitor Traffic: Investigate outbound traffic from this IP for potential data exfiltration or C2 communications.
2. Block Tor Exit Nodes: Consider blocking Tor exit nodes in your network to mitigate anonymized attack vectors.
3. Subnet Review: Assess the `185.243.218.0/24` subnet for compromised hosts, given its abuse density.
4. DNS Monitoring: Track `lokodlare.com` for malicious activity tied to the Tor exit node.
---
Conclusion: This IP is associated with Tor exit node activity, which could indicate use in covert malicious operations. While its immediate risk is moderate, the subnet's mixed abuse profile warrants further scrutiny. SOC teams should prioritize monitoring and blocking Tor-related traffic to reduce exposure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | AS56655-MNT |
| ASN | AS56655 |
| Network Name | – |
| CIDR Block | – |
| RIR | RIPE |
| Country | – |
| Abuse Contact | Available via RDAP |
---
**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | tor-exit.lokodlare.com |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | tor-exit.lokodlare.com |
---
**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
---
**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown – Insufficient routing data to classify |
---
**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | – |
| 22 | ssh | tcp | – |

| Field | Value |
|---|---|
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Apache/2.4.58 (Ubuntu) |
| HTTP Title | – |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
---
**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | – |
| Valid Until | – |
---
**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 26% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
**Observation Timeline (Live)**

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:39 UTC |
| Last Seen | 2026-06-26 21:06:48 UTC |
| Profile Built | 2026-06-27 10:35:12 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 52 |