IPDebrief

107.189.14.4

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 107.189.14.4

Date: 2026-06-15

---

**1. Core Profile**

- Country: US (claimed), but geolocation data suggests Luxembourg with a 2500km accuracy radius.

- Region/City: Luxembourg (discrepancy noted).

- Tor exit node activity observed.

- 1 DNSBL listing (potential abuse).

- Classified as a Tor exit node with no active services or hosting.

- BGP origin ASN: 53667 (FranTech Solutions).

---

**2. Observation History**

- Consistent observations since 2026-06-14.

- Risk score remains stable at 59.

- No significant changes in geolocation or threat signals.

- No spikes in malicious activity or network instability.

- Low subnet abuse density (1/24 subnet).

---

**3. Relationships & Network Context**

- Subnet: 107.189.14.4/24 (abuse density: 1/24).

- Associated with PONYNET-11 network (repeated in relationships).

- 107.189.14.43: Risk score 59 (similar to target).

- 107.189.14.106: Risk score 0 (low risk).

---

**4. Threat & Risk Analysis**

- High risk for covert malicious activity (e.g., C2, data exfiltration).

- Geolocation discrepancy raises suspicion of spoofing or misconfigured infrastructure.

- DNSSEC valid, but PTR hostname points to a Tor relay (`Quetzalcoatl-relays.org`).

- BGP route stable (no recent changes).

---

**5. Recommended Actions**

1. Monitor Traffic:

- Scrutinize traffic originating from this IP, especially outbound connections to known malicious domains.

2. Block Tor Exit Nodes:

- Add to firewall rules (e.g., iptables, Cloudflare WAF) to block Tor exit traffic.

3. Verify Geolocation:

- Investigate the Luxembourg geolocation anomaly to rule out spoofing.

4. Subnet Review:

- Assess the 107.189.14.4/24 subnet for potential collateral risk from neighboring IPs.

---

Conclusion:

This IP is a Tor exit node with moderate risk, primarily due to its association with Tor infrastructure. While no direct malicious activity is observed, its role as a Tor exit node necessitates heightened monitoring. The geolocation discrepancy and subnet abuse density suggest further investigation is warranted.

Tools Used: `ipdebrief_profile`, `ipdebrief_history`, `ipdebrief_relationships`, `ipdebrief_neighbors`.


🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionLuxembourg
CityLuxembourg
Timezoneβ€”
Latitude49.79
Longitude6.10

🏒 Ownership & Registration

OrganizationFranTech Solutions
ASNAS53667
Network Nameβ€”
CIDR Block107.189.14.0/24
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRLuxembourgTorNew31.Quetzalcoatl-relays.org
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward HostnamesLuxembourgTorNew31.Quetzalcoatl-relays.org

DNS Hygiene

- Hygiene Score: 40% (Fair)
- SPF: Present
- DMARC: Not configured
- FCrDNS: Not verified
- DNSSEC: Valid
- CAA: Not configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierUnknown β€” Insufficient routing data to classify
Tor

Services & Open Ports

- Port / Service / Protocol / Banner: No open ports detected
- Closed Ports: 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
- Server: -
- HTTP Title: -

TLS Certificate

- Certificate: No certificate
- Issued by: -
N/A
- SANs: None
- Valid From: -
- Valid Until: -

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
26%
24
routing
17%
23
services
12%
22
ownership
19%
34
reputation
28%
13
geolocation
19%
22
Overall20%1218
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

Observation Timeline (Live)

- First Seen: 2026-05-22 13:35:41 UTC
- Last Seen: 2026-06-28 19:19:04 UTC
- Profile Built: 2026-06-29 07:22:53 UTC
- Data Freshness: Live
- Signal Types: 27
- Total Observations: 51
This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.

About This Report

All data shown is publicly available network metadata; IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.