IPDebrief

107.189.30.69

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing: IP 107.189.30.69/32

Entity Profile:

Observation History:

- Predominantly observed traffic between 09:00 - 18:00 UTC, suggesting business hours alignment.

- High-volume data transfer activities noted on weekends, indicating potential automated processes or malicious data exfiltration.

- Significant use of HTTP/HTTPS protocols, with spikes in encrypted traffic.

- Observed DNS queries indicating potential domain generation algorithm (DGA) activity.

- Traffic predominantly originates and terminates within North America, with minor spikes from European IP ranges.

Relationships:

- Linked to a cluster of IP addresses under the same subnet, suggesting shared hosting or a data center environment.

- Co-located with IPs associated with known benign services such as email and content delivery networks (CDNs).

- Indirect connections to IPs previously flagged for phishing activities and malware distribution.

Neighborhood Data:

- Neighbor IPs show a mix of legitimate services (e.g., cloud storage, web hosting) and suspicious entities (e.g., IPs with past abuse reports).

- The subnet 107.189.30.0/24 hosts a variety of services, with a notable concentration of web servers and application services.

Threat Assessment:

- The combination of high-volume traffic, DGA-like DNS activity, and links to previously flagged IPs indicates potential for hosting malicious services or being a part of a botnet infrastructure.

Actionable Recommendations:

- Increase monitoring of traffic to and from this IP, focusing on unusual spikes in encrypted traffic and DNS query patterns.

- Conduct a deeper forensic analysis of associated DNS queries and HTTP/HTTPS traffic for signs of command and control (C2) communication or data exfiltration.

- Share findings with industry threat intelligence communities to corroborate data and gather additional insights.

Conclusion:

IP 107.189.30.69/32 exhibits characteristics that warrant closer scrutiny due to its mixed associations and potential for malicious activity. SOC teams should prioritize monitoring and investigation to mitigate any emerging threats.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
Regionβ€”
CityLondon
Timezoneβ€”
Latitude49.75
Longitude6.17

🏒 Ownership & Registration

OrganizationBuyVM
ASNAS53667
Network Nameβ€”
CIDR Block107.189.30.0/23
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRtorexit.107.189.30.69.com
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamestorexit.107.189.30.69.com

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFPresent
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeSingle-Service Host
Network TierUnknown β€” Insufficient routing data to classify
No specific classification

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
Closed Ports22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
27%
24
routing
17%
23
services
25%
23
ownership
30%
37
reputation
29%
13
geolocation
27%
23
Overall26%1223
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:46 UTC
Last Seen2026-06-28 19:30:32 UTC
Profile Built2026-06-29 01:33:32 UTC
Data FreshnessLive
Signal Types31
Total Observations59
πŸ” 31 signal types Β· 59 observations collected
This report is generated from 31+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.