IP Intelligence Briefing: 102.206.117.134
*Generated via IPDebrief Network Intelligence Tools*
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Ownership:
  - ASN: 328723
  - Organization: *Sabrina Lenz*
  - Subnet: 102.206.117.0/24
- Geolocation:
  - Country: South Africa (ZA)
  - Timezone: Africa/Johannesburg
- Threat Indicators:
  - Tor exit node detected
  - 1 blacklist listing
  - No known attacker/spam associations
---
**2. Network & Service Details**
- Network Role:
  - Identified as a Tor Exit Node
  - Subnet abuse density: 1/10 (low)
- Services:
  - Open ports: HTTP (80), HTTPS (443), SSH (22)
  - SSH banner: *SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16*
  - TLS certificate: Self-signed, issued to *Nepenthes Development Team* (DE)
- Control Plane:
  - BGP path: `3741 329206 328723`
  - Route stability: Stable (no recent changes)
  - DNSSEC: Valid
---
**3. Observation History (30-Day Trend)**
- Key Signals:
  - Tor exit node activity detected on 2026-06-09
  - No persistent malicious behavior (threat persistence days: 0)
  - Subnet abuse density remains low (1/10)
- Risk Trends:
  - No significant changes in risk score or threat indicators
---
**4. Relationship & Neighborhood Data**
- Subnet Relationships:
  - Shared network: 102.206.117.0/24
  - Total siblings: 2 IPs (1 active, 1 flagged)
- Neighbor IPs:
  - 102.206.117.212: Risk score 25 (low risk)
- Subnet classification: *mostly_clean*
---
**5. Threat Assessment & Recommendations**
- Threat Level: High-risk Tor exit node with no known malicious campaigns.
- Actionable Steps:
  - Monitor for outbound traffic via Tor (port 443/80) and SSH (port 22).
  - Investigate the self-signed TLS certificate and SSH service configuration.
  - Consider blocking Tor exit nodes in firewall rules (e.g., iptables, Cloudflare WAF).
  - Verify if the subnet (102.206.117.0/24) has any additional risks via neighbor analysis.

SOC Note: This IP is a known Tor exit node, which could be used for obfuscating malicious activity. While the subnet is otherwise clean, its association with Tor requires heightened monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Sabrina Lenz |
| ASN | AS328723 |
| Network Name | 102.206.117.0 - 102.206.117.255 |
| CIDR Block | 102.206.117.0/24 |
| RIR | AFRINIC |
| Country | ZA |
| Abuse Contact | - |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown - Insufficient routing data to classify |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 4 |
| routing | 40% | 2 | 3 |
| services | 37% | 2 | 3 |
| ownership | 39% | 3 | 3 |
| reputation | 33% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 35% | 12 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (68%) - 2 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

- TLS certificate claims DE but primary geo says ZA

**Observation Timeline (Live)**

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:51 UTC |
| Last Seen | 2026-06-11 01:07:11 UTC |
| Profile Built | 2026-06-11 02:18:51 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 34 |