IPDebrief

167.179.117.50

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF INTELLIGENCE BRIEFING

Target: 167.179.117.50/32

Classification: TOR EXIT NODE - MODERATE RISK

Date: Current

---

## EXECUTIVE SUMMARY

IP address 167.179.117.50 operates as a Tor exit node within Japan, presenting moderate risk (score: 59). The IP belongs to IRT-CHOOPALLC-AP (ASN 20473) on the TYO_VULTR_CUST network infrastructure. Current operational status indicates no open services; the endpoint is firewalled. A single blacklist listing and one threat-adjacent sibling IP are documented.

---

## TECHNICAL PROFILE

| Attribute | Value |
|---|---|
| **Risk Score** | 59 (Moderate) |
| **ASN** | 20473 (IRT-CHOOPALLC-AP) |
| **Organization** | IRT-CHOOPALLC-AP |
| **Network Name** | TYO_VULTR_CUST |
| **CIDR Block** | 167.179.96.0/19 |
| **Location** | Japan (JP), Heiwajima |
| **PTR Hostname** | io6b.com |
| **Network Role** | Tor Exit Nodes |
| **DNSBL Listed** | 1 of 8 lists |
| **Services** | None (Firewalled) |

---

## THREAT INDICATORS

---

## NEIGHBORHOOD CONTEXT

Subnet 167.179.117.50/24 shows low abuse density (0) with classification "mostly_clean." One active threat sibling IP identified within the subnet. No additional neighbor relationships detected. The IP is part of a larger 223-entity relationship cluster, primarily mapped to TYO_VULTR_CUST network infrastructure.

---

## OBSERVATION HISTORY

62 total signals observed. Recent monitoring (June 20, 2026) shows consistent operator scoring at 0.3913 ("Basic" classification) with route stability maintained. No significant temporal threat escalation patterns detected.

---

## RECOMMENDED ACTIONS

For SOC/Network Defense:

1. Monitor inbound connections from this Tor exit node for data exfiltration or command-and-control activity

2. Implement connection rate limiting for traffic originating from the 167.179.117.0/24 subnet

3. Review any recent outbound connections to this IP for potential compromise indicators

4. Consider blocking or monitoring based on organizational policy for Tor exit node traffic

Firewall Rule Recommendation:

```
# Monitor Tor traffic from this exit node
iptables -A INPUT -s 167.179.117.50 -j LOG --log-prefix "TOR_EXIT:"

# Or block if policy prohibits
# iptables -A INPUT -s 167.179.117.50 -j DROP
```

---

## ANALYST NOTES

This IP represents legitimate Tor infrastructure rather than direct malicious activity. The primary concern is its use as an anonymization endpoint, which may be exploited by adversaries for C2 or exfiltration. The absence of open services reduces direct exploitation risk, but traffic analysis remains warranted.


๐ŸŒ Geolocation

Country๐Ÿ‡ฏ๐Ÿ‡ต Japan
Region13
CityHeiwajima
TimezoneAsia/Tokyo
Latitude35.62
Longitude139.74

๐Ÿข Ownership & Registration

OrganizationIRT-CHOOPALLC-AP
ASNAS20473
Network NameTYO_VULTR_CUST
CIDR Block167.179.96.0/19
RIRARIN
CountryJP
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTRio6b.com
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnamesio6b.com

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierTier 3 โ€” Basic operator with some routing infrastructure
Tor

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 19% | 2 | 2 |
| ownership | 35% | 3 | 8 |
| reputation | 25% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 27% | 12 | 23 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-29 05:53:48 UTC |
| Last Seen | 2026-06-29 06:04:57 UTC |
| Profile Built | 2026-06-29 06:12:31 UTC |
| Data Freshness | Live |
| Signal Types | 30 |
| Total Observations | 57 |

30 signal types · 57 observations collected
This report is generated from 30+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.