IPDEBRIEF INTELLIGENCE BRIEFING
Target: 107.189.6.232/32
Generated: June 2026
Classification: Moderate Risk - Tor Exit Node
---
Executive Summary
IP address 107.189.6.232 operates as a Tor exit node hosted by BuyVM (ASN 53667) in the US region. The IP carries a risk score of 59 (Moderate Risk) and is associated with Tor exit indicators. Network infrastructure shows stable routing with no observed malicious campaigns.
---
Technical Profile
- Risk Score: 59 (Moderate Risk)
- ASN: 53667 (BuyVM)
- Organization: BuyVM
- RIR: ARIN
- Geolocation: United States (Maine, Bissen) - accuracy radius 2,500 km
- Network Classification: Tor Exit Node / Web Server
- Service Purpose: Web Server
---
Threat Indicators
- Tor Exit Node: Confirmed (isTor: true)
- Threat Indicators: Tor exit indicators observed
- Blacklist Status: Listed on 1 blacklist
- DNSBL Listings: 2 of 8 total lists
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None detected
---
DNS and Email Reputation
- PTR Hostname: exit.alt.cx
- Forward Resolution: Confirmed (1 forward hostname)
- Domain: alt.cx
- Email Authentication: SPF configured (true), DMARC configured (true)
- Forward Hostnames: exit.alt.cx
---
Service Exposure
- Open Ports:
  - 80/TCP (HTTP)
  - 443/TCP (HTTPS)
  - 22/TCP (SSH - OpenSSH_10.0p2 Debian)
- Web Server: Caddy
- TLS Certificate: Not present
- HTTP Title: Not detected
---
Network Relationships
- Control Plane: BGP prefix 107.189.0.0/21 via ASN 6939 → 53667
- Route Stability: Stable (0 changes in 30 days)
- DNSSEC: Valid
- CAA Records: Present
- Related Hostnames: exit.alt.cx
- Related Networks: BUYVM-LUXEMBOURG-02 (multiple associations)
---
Neighborhood Analysis (107.189.6.0/24)
- Abuse Density: 1 (mostly_clean)
- Total Siblings: 2
- Active Siblings: 2
- Threat Siblings: 2
- Neighbor IP Analysis:
  - 107.189.6.63: Risk Score 50, Authority Score 50
  - 107.189.6.124: Risk Score 59, Authority Score 50
---
Observation History
- Total Observations: 62
- Recent Activity: Connection failures observed on 2026-06-20
- Operator Score: 0.4783 (Basic)
- Route Stability: Consistent across multiple observations
- Threat Persistence: Not persistently malicious
---
Recommended Actions
- Firewall Rules: Block traffic on port 22 (SSH) from this IP to prevent unauthorized access attempts
- Traffic Monitoring: Monitor outbound connections from internal systems to this IP for potential data exfiltration via Tor
- Log Analysis: Review any connections to 107.189.6.232 for suspicious patterns, particularly those originating from internal hosts
- DNSBL Monitoring: IP is listed on 2 of 8 DNSBL lists; monitor for additional blacklistings
---
Assessment
The IP 107.189.6.232 is a legitimate Tor exit node operated by BuyVM. While not flagged as a known attacker or spam source, the Tor exit node classification presents elevated risk for data exfiltration and anonymity-based attacks. The stable routing profile and lack of campaign correlations suggest the infrastructure is being used for legitimate Tor services rather than active malicious campaigns. SOC teams should maintain monitoring but may not require immediate blocking unless internal compromise is suspected.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | BuyVM |
| ASN | AS53667 |
| Network Name | - |
| CIDR Block | 107.189.0.0/21 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | exit.alt.cx |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | exit.alt.cx |
DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u4 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 28% | 2 | 3 |
| ownership | 31% | 3 | 9 |
| reputation | 29% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 26% | 12 | 25 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:51 UTC |
| Last Seen | 2026-06-28 19:31:54 UTC |
| Profile Built | 2026-06-29 01:33:31 UTC |
| Data Freshness | Live |
| Signal Types | 30 |
| Total Observations | 60 |