# IP Intelligence Briefing: 107.189.10.175/32
## Executive Summary
Target IP 107.189.10.175 is a confirmed Tor exit node operated by BuyVM (ASN 53667). The IP exhibits moderate risk (score: 59) with one DNSBL listing and Tor exit node indicators. No active services are detected; the IP is firewalled, with no open ports. The IP belongs to the 107.189.10.0/24 subnet, which shows low abuse density (0.0) and three neighboring IPs with low-risk profiles.
## Ownership and Network Classification
- Organization: BuyVM
- ASN: 53667
- Network: BUYVM-LUXEMBOURG-03
- Geolocation: US (Mersch region, 2500 km accuracy radius)
- Network Role: Tor Exit Nodes
- Infrastructure Type: Unknown
## Threat Indicators
- Risk Score: 59 (Moderate Risk)
- Tor Exit Node: Confirmed (isTorExit: true)
- Blacklist Count: 1
- DNSBL Listed: Yes (1 of 8 total lists)
- Abuse Confidence Score: Not provided
## DNS and Reverse Resolution
- PTR Hostname: LuxembourgTorNew25.Quetzalcoatl-relays.org
- Forward Resolution: LuxembourgTorNew25.Quetzalcoatl-relays.org
- Domain: Quetzalcoatl-relays.org
- Forward Confirmed: No
## Service and Port Analysis
- Open Ports: None detected
- HTTP Services: None
- TLS Certificates: None
- Status: Firewalled / No Services
## Neighborhood Analysis (107.189.10.0/24)
- Subnet Abuse Density: 0.5
- Classification: Mostly Clean
- Total Siblings: 4
- Active Siblings: 3
- Threat Siblings: 2
- Inherited Risk Score: 5
- Neighbor Risk Distribution: 0 High, 0 Medium, 3 Low
Neighbor IPs:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 107.189.10.124 | 25 | 50 |
| 107.189.10.234 | 25 | 50 |
| 107.189.10.248 | 25 | 60 |
## Observation History
- Total Observations: 55
- Recent Activity: June 19-20, 2026
- Operator Score: Consistent at 0.2609
- Network Classification: Consistently identified as "Tor Exit Nodes"
- Threat Persistence: 0 days
- Ownership Changes: 0
- Persistence Assessment: Not persistently malicious
## BGP and Control Plane
- Origin ASN: 53667
- BGP Prefix: 107.189.8.0/22
- AS Path: 6939 → 53667
- Route Stability: Stable (0 route changes in 30 days)
- RPKI State: Not provided
- DNSSEC Valid: Yes
- Hop Count: 14
## SOC Recommendations
1. Monitor for C2 Traffic: As a Tor exit node, this IP may be used for command-and-control communications or anonymized traffic. Monitor outbound connections from internal systems to this IP.
2. Firewall Rule Consideration: Block inbound connections to this IP. Outbound connections may be permitted depending on security policy.
3. Contextual Analysis: If this IP appears in logs, correlate with destination ports and payload data to determine whether the activity is legitimate (e.g., ordinary Tor relay traffic vs. malicious C2).
4. Neighborhood Context: The 107.189.10.0/24 subnet shows low abuse density with three low-risk neighbors, suggesting the IP's risk is isolated to its Tor function rather than broader subnet compromise.
5. Threat Intelligence Integration: Add to Tor exit node watchlist for potential abuse detection.
## Risk Assessment
The IP presents moderate risk primarily due to its function as a Tor exit node. The absence of open services reduces the likelihood of direct exploitation. The consistent network classification and stable BGP routing indicate this is an operational Tor node rather than compromised infrastructure. SOC teams should focus on monitoring outbound traffic patterns and correlating with threat intelligence feeds for Tor-based attacks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | BuyVM |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | 107.189.8.0/22 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | LuxembourgTorNew25.Quetzalcoatl-relays.org |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | LuxembourgTorNew25.Quetzalcoatl-relays.org |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:41 UTC |
| Last Seen | 2026-06-28 19:20:54 UTC |
| Profile Built | 2026-06-29 07:25:14 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 51 |