IPDebrief: IP Intelligence Dossier for 172.234.228.174
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 172.234.228.174/32

Date: Current Analysis

Classification: Moderate Risk

Risk Score: 49/100

---

## Executive Summary

IP address 172.234.228.174 is classified as a Tor exit node operated by Linode (ASN 63949) in Tukwila, WA, US. The IP demonstrates moderate risk characteristics consistent with anonymous traffic patterns. Primary concern: Tor exit node designation with associated anonymity implications.

---

## Threat Indicators

| Indicator | Status |
|---|---|
| Tor Exit Node | **Confirmed** |
| Blacklist Count | 1 |
| DNSBL Listed | 1 of 8 |
| Known Attacker | No |
| Spam Source | No |

Threat Observations: Tor exit indicators detected. IP serves as proxy endpoint for anonymous traffic, potentially facilitating command-and-control, credential stuffing, or other malicious activities while obscuring true source identity.

---

## Network Infrastructure

DNS Profile:

---

## Geolocation Analysis

---

## Historical Trend Analysis

Total observations: 49 signals over monitoring period. Recent activity shows:

Conclusion: IP maintains relatively stable profile without recent behavioral escalation.

---

## Neighborhood Assessment

---

## Recommended Actions

| Security Control | Action | Severity |
|---|---|---|
| Access Control | Enhanced verification for anonymous traffic | Medium |

Recommended Firewall Rules:

```bash
# iptables
iptables -A INPUT -s 172.234.228.174 -j DROP

# nftables
nft add rule inet filter input ip saddr 172.234.228.174 drop

# nginx
deny 172.234.228.174;

# pfSense (alias / blocklist entry)
172.234.228.174/32

# Cloudflare WAF (custom rule payload)
{"description":"Block 172.234.228.174 — IPDebrief risk score 49","action":"block"}
```

---

## Relationship Mapping

---

## Intelligence Assessment

The IP address functions as a Tor exit node, a legitimate infrastructure type but frequently abused for anonymizing malicious traffic. While the IP itself is not flagged as a known attacker or spam source, its function as an anonymous proxy endpoint warrants monitoring. The moderate risk score (49) reflects the inherent ambiguity of Tor exit node traffic — legitimate use cases exist alongside potential abuse scenarios.

Recommendation: Implement enhanced verification controls for traffic from this IP. Block by default if traffic is unexpected for your use case. Monitor for patterns indicating abuse (e.g., credential stuffing attempts, high-frequency requests, unusual ports).


## Geolocation

| Field | Value |
|---|---|
| Country | United States |
| Region | WA |
| City | Tukwila |
| Timezone | — |
| Latitude | 47.48 |
| Longitude | -122.26 |

## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | — |
| CIDR Block | 172.234.224.0/19 |
| RIR | ARIN |
| Country | — |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR | bluto.relaymagic.org |
| Forward Confirmed | Yes — FCrDNS verified |
| Forward Hostnames | bluto.relaymagic.org |

πŸ” DNS Hygiene

Hygiene Score80% (Excellent)
SPFPresent
DMARCPresent
FCrDNSVerified
DNSSECValid
CAANot configured

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown — Insufficient routing data to classify |

Tor

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | — |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | — |
| HTTP Title | — |

πŸ” TLS Certificate

πŸ”’
CN=www.u6emk7rvzyyqctdzci.net
Issued by CN=www.ldtkjgyqkzl.com
Self-signed: No
SANsNone
Valid From2025-09-23T00:00:00+00:00
Valid Until2026-08-25T23:59:59+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period336 days
Serial Number00F31CC96D75818F35
Thumbprint2B1B3AFF44A32DFA9F35AC3FC93F414A9F71EEB6

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 19% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 27% | 12 | 20 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) — 1 contradiction(s) |
| Attribution | Moderate (55%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:39 UTC |
| Last Seen | 2026-06-28 19:13:14 UTC |
| Profile Built | 2026-06-29 07:17:07 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 51 |

27 signal types · 51 observations collected.

This report is generated from 27+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more. Full dossier details are available via our API.

## About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as the sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.