IPDebrief

104.244.73.14

IP Intelligence Dossier
Your IP: 216.73.217.135
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 104.244.73.14

Date: 2026-06-09

---

**Key Findings**

1. Threat Profile

- Risk Score: Moderate (59/100).

- Threat Indicators: Identified as a Tor exit node with observed Tor exit activity.

- Network Role: Classified as a Tor Exit Node, associated with the hostname `tor.bottomservices.club`.

- Ownership: Registered to BuyVM (ASN 53667), with geolocation in Phoenix, AZ, US.

2. Network Context

- Subnet Abuse Density: High (0.8571) for `104.244.73.0/24`, classified as high_abuse.

- Neighbors: 6 active IPs in the subnet, with 5 showing moderate risk scores (40–59). Notable peers include:

- `104.244.73.43` (59/100), `104.244.73.136` (59/100), and `104.244.73.190` (59/100).

- Routing: BGP path `6939 53667`, stable with no recent route changes.

3. Observation History

- Recent Activity:

- Tor exit indicators observed since 2026-06-09.

- DNS resolution to `tor.bottomservices.club` (forward confirmed).

- Stability: Operator score (0.3913) suggests basic network reliability.

4. Relationships

- DNS Associations: Linked to `tor.bottomservices.club`.

- Network Peers: Same subnet (`BUYVM-LUXEMBOURG-01`).

---

**Actionable Intelligence**

- Monitor traffic from this IP for Tor exit node activity or malicious payload exfiltration.

- Investigate `tor.bottomservices.club` for potential command-and-control (C2) or phishing ties.

- Consider blocking or restricting traffic from the `104.244.73.0/24` subnet due to high abuse density.

- Check if neighboring IPs (e.g., `104.244.73.43`, `104.244.73.136`) are associated with known malicious campaigns.

- Apply rules to block Tor exit node traffic (e.g., via iptables, Cloudflare WAF, or AWS WAF).

- Flag DNS queries to `tor.bottomservices.club` for further analysis.

---

Conclusion: This IP is part of a Tor exit node network with elevated risk due to its association with Tor and a high-abuse subnet. While not directly malicious, its role in anonymizing traffic and the subnet’s abuse density warrant close monitoring. SOC teams should prioritize isolating or mitigating traffic from this subnet to reduce exposure to Tor-based threats.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionAZ
CityPhoenix
Timezoneβ€”
Latitude47.14
Longitude8.16

🏒 Ownership & Registration

OrganizationBuyVM
ASNAS53667
Network Nameβ€”
CIDR Block104.244.73.0/24
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRtor.bottomservices.club
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamestor.bottomservices.club

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierUnknown β€” Insufficient routing data to classify
No specific classification

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
443httpstcpβ€”
22sshtcp
Closed Ports25, 80, 3389, 8080, 8443 (2 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”
SSH VersionSSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u4

πŸ” TLS Certificate

πŸ”’
CN=www.a64o52y7bmc.net
Issued by CN=www.tvjyr4gwwbtd.com
Self-signed: No
SANsNone
Valid From2026-04-04T00:00:00+00:00
Valid Until2026-11-05T23:59:59+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period215 days
Serial Number00A4C6A3D3CDB97465
ThumbprintED0A56F41831E99B45A595E00951378704DC304F

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
31%
24
routing
42%
27
services
34%
23
ownership
29%
36
reputation
28%
13
geolocation
33%
23
Overall33%1226
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:44 UTC
Last Seen2026-06-28 19:26:39 UTC
Profile Built2026-06-29 14:22:29 UTC
Data FreshnessLive
Signal Types31
Total Observations62
πŸ” 31 signal types Β· 62 observations collected
This report is generated from 31+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.