107.189.8.65

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## THREAT INTELLIGENCE BRIEFING

Target IP: 107.189.8.65/32

Classification: Tor Exit Node / Moderate Risk Infrastructure

Date: Current Assessment

EXECUTIVE SUMMARY

IP 107.189.8.65 is a Tor exit node operated by BuyVM (ASN 53667) with a moderate risk score of 49. The IP exhibits Tor-related threat indicators and is associated with the tor-exit-node.net infrastructure. While classified as a Tor exit node, the subnet shows relatively low abuse density compared to typical Tor infrastructure.

INFRASTRUCTURE PROFILE

Attribute	Value
Organization	BuyVM
ASN	53667
Geolocation	US/Luxembourg (2500km accuracy radius)
CIDR Block	107.189.8.0/22
Reputation	Moderate Risk (Score: 49)
Threat Type	Tor Exit Node

THREAT INDICATORS

Tor Exit Node: Confirmed (isTorExit: true)
Blacklist Status: Listed on 1 DNS blacklist (of 8 total lists)
Threat Feeds: No known malicious campaigns or attacker associations
Known Attacker: False
Spam Source: False

NETWORK SERVICES

Port	Protocol	Service
22	TCP	SSH (OpenSSH 8.0)
80	TCP	HTTP
443	TCP	HTTPS

TLS Certificate: Self-signed certificate detected (issuer: www.qlihcwiu2vndi6o3tjn.com, subject: www.elhh26xzwx.net). Certificate configuration warrants monitoring.

OBSERVATION HISTORY

52 total observations recorded. Recent signals indicate:

Risk Trend: Minimal risk observed in recent probes (June 2026 timeframe)
Connection Status: Intermittent connection failures observed
Threat Persistence: 0 days of persistent malicious activity
Stability: IP ownership has not changed

NETWORK CONTEXT

Subnet Classification: High abuse density (107.189.8.0/24)
Neighbor Count: 6 active siblings within /24
Neighbor Risk Scores: 49-55 (medium risk range)
Network Label: BUYVM-LUXEMBOURG-03
DNS Association: lux2.tor-exit-node.net

SOC ACTIONS RECOMMENDED

1. Allow with Logging: Permitted traffic from known Tor exit node; monitor for anomalous patterns

2. SSH Monitoring: SSH service (port 22) is exposed; correlate with authentication logs

3. Certificate Alert: Self-signed TLS certificate detected; verify legitimacy if HTTPS traffic is observed

4. Subnet Context: Consider broader subnet (107.189.8.0/24) in threat hunting; 6 medium-risk neighbors present

5. Baseline Expectation: Expect Tor-related traffic patterns; false positives likely for anonymized traffic

RISK ASSESSMENT

This IP represents typical Tor exit node behavior. Legitimate use cases include privacy-conscious users and journalists. The moderate risk score reflects Tor exit node characteristics rather than confirmed malicious activity. No evidence of active malware distribution or known attack campaigns.

Recommendation: Monitor but allow; correlate with threat intelligence for any emerging malicious activity from this infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	Luxembourg
City	Luxembourg
Timezone	—
Latitude	49.79
Longitude	6.10

🏢 Ownership & Registration

Organization	BuyVM
ASN	AS53667
Network Name	—
CIDR Block	107.189.8.0/22
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	lux2.tor-exit-node.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`lux2.tor-exit-node.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.0
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.0

🔐 TLS Certificate

🔒

CN=www.jk27ywo44b5sdma.net

Issued by CN=www.zrbttpoo3n.com

Self-signed: No

SANs	None
Valid From	2026-02-13T00:00:00+00:00
Valid Until	2026-12-21T23:59:59+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	311 days
Serial Number	0088741E21901BC338
Thumbprint	8FFABD41A87162319B72A3EF07B413CEA374CACA

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	17%	2	3
services	34%	2	3
ownership	27%	3	5
reputation	28%	1	3
geolocation	33%	2	3
Overall	28%	12	21

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 13:35:42 UTC
Last Seen	2026-06-28 19:24:41 UTC
Profile Built	2026-06-29 07:28:46 UTC
Data Freshness	Live
Signal Types	29
Total Observations	54

🔍 29 signal types · 54 observations collected

This report is generated from 29+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

107.189.8.65📋 Copy