IPDebrief

107.189.30.49

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 107.189.30.49

Date: June 15, 2026

---

**1. Core Profile**

- ASN: AS53667 (BuyVM)

- Registrar: ARIN

- Geolocation: Registered to the US but geolocated to Luxembourg (49.75°N, 6.17°E)

- Identified as a Tor exit node (potential anonymity layer for malicious activity)

- DNSSEC validation confirmed, but no TLS certificate details available

- 2 DNSBL listings (out of 8 total)

---

**2. Observation History**

- Tor exit node detected with 50+ pulse counts (potential for data exfiltration or covert communication)

- Geo validation: Plausible (301.9 km from probe, 108ms avg RTT)

- No significant changes in risk signals over time

---

**3. Network Relationships**

- Same network: BUYVM-LUXEMBOURG-03 (repeated in 191 relationships)

- Subnet: 107.189.30.0/24 (abuse density: 0%)

- 107.189.30.69 (riskScore: 59), 107.189.30.86 (riskScore: 59), 107.189.30.236 (riskScore: 59)

- All subnets show low to moderate risk, no immediate abuse indicators

---

**4. Threat Context**

- High-risk due to potential use in anonymizing malicious traffic (e.g., C2, exfiltration)

- No direct evidence of active attacks, but Tor exit nodes are often associated with covert operations

- BuyVM (AS53667) is a commercial hosting provider with no known malicious activity in historical records

---

**5. Recommendations**

- Track Tor exit node activity for anomalous traffic patterns (e.g., unusual TLS handshakes, volume spikes)

- Monitor BUYVM network for correlated threats (107.189.30.0/24)

- Consider blocking Tor exit nodes if not required for legitimate use (e.g., via iptables or WAF rules)

- Verify TLS certificate validity for HTTPS service (port 443)

---

Conclusion:

107.189.30.49 is a Tor exit node operated by BuyVM, registered to Luxembourg but geolocated to the US. While no direct malicious activity is observed, its association with Tor requires vigilance. The subnet shows low abuse density, but network defenders should monitor for potential covert operations leveraging the Tor anonymity layer.


🌍 Geolocation

- Country: 🇺🇸 United States
- Region: —
- City: London
- Timezone: —
- Latitude: 49.75
- Longitude: 6.17

🏒 Ownership & Registration

- Organization: BuyVM
- ASN: AS53667
- Network Name: —
- CIDR Block: 107.189.30.0/23
- RIR: ARIN
- Country: —
- Abuse Contact: Available via RDAP

🌐 DNS Intelligence

- PTR Record: No PTR
- Forward Confirmed: No — PTR hostname does not resolve back to this IP (weak signal)

DNS Hygiene

- Hygiene Score: 20% (Poor)
- SPF: Not configured
- DMARC: Not configured
- FCrDNS: Not verified
- DNSSEC: Valid
- CAA: Not configured

☁️ Network Classification

- Infrastructure: Unknown
- Service Purpose: Web Server
- Network Tier: Unknown — Insufficient routing data to classify
- Tor

🔌 Services & Open Ports

| Port | Service | Protocol | Banner |
|------|---------|----------|--------|
| 443 | https | tcp | — |

- Closed Ports: 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned)
- Server: —
- HTTP Title: —

TLS Certificate

- CN=www.yzmzw6oqdklh2d22tyo7.net
- Issued by: CN=www.g6xiqllrx7zo5hp.com
- Self-signed: No
- SANs: None
- Valid From: 2026-06-08T00:00:00+00:00
- Valid Until: 2026-08-27T23:59:59+00:00
- TLS Protocol: Tls13
- Cipher Suite: TLS_AES_256_GCM_SHA384
- Signature Algorithm: sha256RSA
- Validity Period: 80 days
- Serial Number: 00DB2E83C730E45DC5
- Thumbprint: FC3A7DDD8FF59D6AF0D7DA56646C2CA8CC43E1E3

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|-----------|-------|---------|--------------|
| threat | 26% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 29% | 3 | 6 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 28% | 12 | 22 |

- Coverage: 6/6 dimensions · Data sufficiency: sufficient
- Data Coherence: Consistent (100%)
- Attribution: Moderate (50%)
- Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

📅 Observation Timeline 🔄 Live

- First Seen: 2026-05-22 13:35:43 UTC
- Last Seen: 2026-06-28 19:25:09 UTC
- Profile Built: 2026-06-29 07:28:46 UTC
- Data Freshness: Live
- Signal Types: 26
- Total Observations: 53

26 signal types · 53 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.