IP Intelligence Briefing: 149.102.153.38
Date: 2026-06-09
---
**1. Core Profile**
- Risk Score: 59 (Moderate Risk)
- Provider: Cogent Communications, LLC (ASN 51167)
- Geolocation: Portsmouth, England, US (latitude/longitude unspecified)
- Threat Indicators:
  - Tor exit node (confirmed via DNS: `uk1tor.quetzalcoatl-relays.org`)
  - Listed in 1 DNSBL (high-severity listing)
- Network Role: Tor exit node (no active services or hosting)
- DNS:
  - PTR hostname: `uk1tor.quetzalcoatl-relays.org`
  - SPF record present, no DMARC
---
**2. Observation History**
- Recent Activity (2026-06-09):
  - High-severity DNSBL listing (1 entry).
  - Operator score: "Basic" (0.3478).
  - No persistent malicious activity detected.
- Trend: Single threat observation; no escalation in risk over time.
---
**3. Relationships**
- Network Links:
  - Linked to Cogent Communications' network (`COGENT-149-102-16`).
  - No other IPs in the same /24 subnet (neighbors tool returned 0 entries).
- Threat Context:
  - No direct connections to known malicious campaigns or domains.
---
**4. Neighborhood Analysis**
- Subnet: `149.102.153.38/24`
- Abuse Density: 0 (subnet is "mostly clean").
- Neighbors: No active sibling IPs in the subnet.
---
**5. Recommendations**
- Monitoring: Track Tor exit node traffic to detect potential abuse (e.g., C2 communication, data exfiltration).
- Firewall: Consider blocking Tor exit nodes if not required for legitimate use.
- Network: Verify Cogent Communications' network for broader risk exposure.
---
Conclusion: This IP is a Tor exit node with moderate risk due to DNSBL listing. While no direct malicious activity is observed, its role as a Tor exit node warrants monitoring for potential misuse. No immediate action is required unless traffic through this IP is flagged for suspicious behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cogent Communications, LLC |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | 149.102.152.0/21 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | uk1tor.quetzalcoatl-relays.org |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | uk1tor.quetzalcoatl-relays.org |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 19% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:40 UTC |
| Last Seen | 2026-06-28 19:16:23 UTC |
| Profile Built | 2026-06-29 07:20:32 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 52 |