IPDebrief

172.104.186.73

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 172.104.186.73

*Generated via IPDebrief tools (profile, history, relationships, neighbors)*

---

**Core Profile**

- Tor exit node observed (potential privacy/attack vector).

- DNS blacklisted (2/8 lists) and flagged for Tor exit activity.

---

**Observation History**

- 15 June 2026: Flagged in DNS blacklists (2/8 lists) with high-severity indicators.

- 11 June 2026: Operator score "Basic" (0.39), route stability confirmed.

- 2 June 2026: DNS resolution attempts with mixed success (some failed connections).

---

**Network Relationships**

- Domain: `tor-exit.sg.localenby.is` (DNS PTR record).

- Organization: Linode (same ASN).

- Services: SSH (OpenSSH 9.2), HTTP/HTTPS (no banners).

- TLS certificate issued to `www.6banyfjrpo.com` (self-signed, no SANs).

---

**Subnet Neighbors**

- 2 IPs with low risk (25/100 score).

- Subnet abuse density: 0.6667 (mostly clean, but some risk).

---

**Actionable Insights**

1. Monitor Traffic:

- Track outbound traffic from this Tor exit node for C2 or data exfiltration.

- Check for DNS leaks or unintended connections to `localenby.is`.

2. Blocklist Consideration:

- Add to DNS-layer filters due to blacklisted status.

3. Verify Ownership:

- Linode’s abuse contact is available; confirm if this IP is compromised.

4. Subnet Review:

- While neighbors are low-risk, the subnet’s moderate abuse density warrants closer scrutiny.

Conclusion: This IP is a Tor exit node with mixed risk factors. While not immediately malicious, its association with Tor and DNS blacklists makes it a potential vector for covert activities. SOC teams should prioritize monitoring and verify ownership to mitigate risks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΈπŸ‡¬ Singapore
Regionβ€”
CitySingapore
Timezoneβ€”
Latitude1.29
Longitude103.85

🏒 Ownership & Registration

OrganizationLinode
ASNAS63949
Network Nameβ€”
CIDR Block172.104.160.0/19
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRtor-exit.sg.localenby.is
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamestor-exit.sg.localenby.is

πŸ” DNS Hygiene

Hygiene Score80% (Excellent)
SPFPresent
DMARCPresent
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierUnknown β€” Insufficient routing data to classify
No specific classification

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
443httpstcpβ€”
22sshtcp
Closed Ports25, 3389, 8080, 8443 (3 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”
SSH VersionSSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10

πŸ” TLS Certificate

πŸ”’
CN=www.q5r7w6tnjzba5b.net
Issued by CN=www.gdps4seai2c.com
Self-signed: No
SANsNone
Valid From2026-02-04T00:00:00+00:00
Valid Until2026-08-14T23:59:59+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period191 days
Serial Number00F11510FBA28EDDB5
Thumbprint8492AD4A208B578A114F46ABC6E23F66C9C0B93A

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
26%
24
routing
20%
23
services
30%
23
ownership
19%
34
reputation
28%
13
geolocation
39%
23
Overall27%1220
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:40 UTC
Last Seen2026-06-28 19:15:12 UTC
Profile Built2026-06-29 07:19:24 UTC
Data FreshnessLive
Signal Types28
Total Observations52
πŸ” 28 signal types Β· 52 observations collected
This report is generated from 28+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.