IP Intelligence Briefing: 104.244.73.193
*Generated via IPDebrief Analysis*
---
**1. Core Profile**
- Risk Score: 59 (Moderate Risk)
- Provider: BuyVM (ASN 53667)
- Geolocation: Phoenix, AZ, US (ARIN-registered)
- Threat Indicators:
  - Identified as a Tor exit node (high-risk for anonymity-based abuse).
  - Listed in 1 DNSBL (open resolver).
- Network Role: Tor exit node (firewalled, no services detected).
- DNS:
  - PTR hostname: `tor-exit.for-privacy.net`
  - SPF/DMARC records detected for `for-privacy.net`.
---
**2. Observation History**
- Recent Activity:
  - Tor exit node activity observed (1 observation in last 7 days).
  - DNS validation issues (ICMP blocked, unable to confirm geolocation).
  - BGP route stability: 0 route changes in 30 days.
- Risk Trends:
  - Stable moderate risk score (59) since first observation.
  - No signs of persistent malicious activity.
---
**3. Relationships**
- Network Associations:
  - Linked to BUYVM-LUXEMBOURG-01 (same /24 subnet).
- DNS Associations:
  - Resolves to `tor-exit.for-privacy.net` (hostname with SPF/DMARC).
- Threat Context:
  - No direct malware campaigns or known attacker associations.
---
**4. Neighborhood Analysis**
- Subnet: `104.244.73.0/24`
- Abuse Density: 85.7% (high abuse risk subnet).
- Neighbor IPs:
  - 6 active siblings (192 total in subnet).
  - 6 neighbors flagged as medium-risk (40–59 score).
  - High-risk neighbors: 0.
---
**5. Recommendations**
- Monitor Traffic: Track Tor exit node activity due to privacy risks.
- Block/Rate Limit: Consider blocking outbound traffic to this IP if Tor exit node activity is suspicious.
- DNSBL Check: Verify if the IP is listed in additional DNSBLs.
- Subnet Review: Investigate the high-abuse subnet (`104.244.73.0/24`) for broader risk exposure.
---
Note: This IP is associated with Tor exit infrastructure, which may be used for legitimate privacy purposes or malicious activities. Further analysis of traffic patterns and threat feeds is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | BuyVM |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | 104.244.73.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | tor-exit.for-privacy.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | tor-exit.for-privacy.net |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2025-12-03T00:00:00+00:00 |
| Valid Until | 2026-07-25T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 234 days |
| Serial Number | 00EA970D3FC0FDE9D9 |
| Thumbprint | 80D00A2399E903700DEA36218A235CDFA323CA7C |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 32% | 2 | 3 |
| ownership | 32% | 3 | 8 |
| reputation | 30% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 29% | 12 | 24 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

**Observation Timeline** (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:51 UTC |
| Last Seen | 2026-06-28 19:33:15 UTC |
| Profile Built | 2026-06-29 01:35:48 UTC |
| Data Freshness | Live |
| Signal Types | 31 |
| Total Observations | 54 |