IP Intelligence Briefing: 205.185.113.180
Date: 2026-06-09
---
**Key Threat Indicators**
- Tor Exit Node: Confirmed as a Tor exit node (IS_TOR = true), associated with `tor-exit.cubicchaos.net`.
- Risk Profile: Moderate risk (Risk Score: 59). Subnet abuse density is 0, but the subnet contains 2 medium-risk siblings.
- Threat Observations:
  - Tor exit indicators observed.
  - DNSSEC and CAA records validated; no spam or attacker reputation flags.
---
**Network & Ownership**
- Provider: FranTech Solutions (ASN: 53667).
- Geolocation: Las Vegas, NV, US.
- Services:
  - Open ports: HTTP (80), HTTPS (443).
  - Nginx server banner: `nginx/1.28.3`.
  - SSL/TLS certificate: Issued to `uni.cubicchaos.net` (Let's Encrypt).
---
**Historical Activity**
- Observation History:
  - Consistent Tor exit node classification over 54 observations.
  - No significant changes in risk scores or network behavior.
- Stability score: 0 (no recent anomalies).
---
**Network Relationships**
- DNS: Linked to `tor-exit.cubicchaos.net` (PTR confirmed).
- Subnet: Part of `205.185.113.0/24`, with 3 active siblings (2 medium-risk, 1 low-risk).
- BGP: Route stability confirmed; no recent route changes.
---
**Recommended Actions**
1. Block Tor Exit Nodes: If not required, add rules to block Tor exit nodes (e.g., `iptables -A INPUT -s 205.185.113.180 -j DROP`).
2. Monitor Subnet: Investigate medium-risk neighbors (e.g., `205.185.113.8`, `205.185.113.112`).
3. DNS Monitoring: Watch `tor-exit.cubicchaos.net` for additional malicious activity.
---
Summary: This IP serves as a Tor exit node with moderate risk. While not directly malicious, its association with Tor and mixed subnet risk levels warrants monitoring. Implement network segmentation and block Tor traffic if not required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | 205.185.112.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | tor-exit.cubicchaos.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | tor-exit.cubicchaos.net |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.31.2 |
| HTTP Title | - |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | ech.uni.cubicchaos.net |
| Valid From | 2026-06-19T17:22:45+00:00 |
| Valid Until | 2026-09-17T17:22:44+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 05C9646F64E1C321346CE2576C6558855167 |
| Thumbprint | EDE666B56525164CFB721606CDD63447D95731AA |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 19% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 25% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

**Observation Timeline**

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:40 UTC |
| Last Seen | 2026-06-28 19:15:52 UTC |
| Profile Built | 2026-06-29 07:20:32 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 53 |