IPDebrief

172.234.92.148

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 172.234.92.148

Date: 2026-06-07

---

**1. Risk Profile**

- Identified as a Tor exit node (potential anonymity tool).

- Observed Tor exit indicators in DNS and TLS data.

- Classified as a Tor exit node (not a traditional web server).

- Associated with Linode (cloud provider, ASN 63949).

- Registered to US (region: Osaka, city: Osaka).

- Geolocation data inconsistent (null coordinates).

---

**2. Observation History**

- Detected TLS handshakes (TLS 1.3, Let’s Encrypt certificate).

- Open ports: HTTP (80) and HTTPS (443).

- Server banner: nginx.

- No signs of recent compromises or persistent malicious activity.

- No significant changes in risk scores or network behavior.

- Threat persistence: 0 days (not flagged as persistently malicious).

---

**3. Relationships**

- Linode (cloud provider, ASN 63949).

- Tor network (exit node, potential anonymity tool).

- Domain: `brokenbotnet.com` (DNS PTR: `tor-exit.brokenbotnet.com`).

- TLS certificate issued to `tor-exit.brokenbotnet.com` (Let’s Encrypt).

---

**4. Neighborhood Analysis**

- 0 abuse incidents reported in the subnet.

- 0 neighboring IPs identified (possibly isolated or limited data).

---

**5. Recommendations**

- Track Tor exit node activity, as it may be used for illicit communications or data exfiltration.

- Consider blocking Tor exit nodes if not required for legitimate use.

- Confirm Linode’s compliance with security practices for cloud-hosted Tor nodes.

---

Conclusion:

The IP is a Tor exit node associated with Linode, posing potential risks due to its anonymity capabilities. While no direct malicious activity is detected, its Tor association warrants further monitoring. No immediate action is required unless Tor usage is explicitly prohibited.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionOsaka
CityOsaka
Timezoneβ€”
Latitude34.69
Longitude135.50

🏒 Ownership & Registration

OrganizationLinode
ASNAS63949
Network Nameβ€”
CIDR Block172.234.80.0/20
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRtor-exit.brokenbotnet.com
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamestor-exit.brokenbotnet.com

πŸ” DNS Hygiene

Hygiene Score100% (Excellent)
SPFPresent
DMARCPresent
FCrDNSVerified
DNSSECValid
CAAPresent

☁️ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierTier 3 β€” Basic operator with some routing infrastructure
Tor

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
443httpstcpβ€”
Closed Ports22, 25, 3389, 8080, 8443 (2 open / 7 scanned)
Servernginx
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
CN=tor-exit.brokenbotnet.com
Issued by CN=YE1, O=Let's Encrypt, C=US
Self-signed: No
SANstor-exit.brokenbotnet.com
Valid From2026-06-07T11:07:52+00:00
Valid Until2026-09-05T11:07:51+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha384ECDSA
Validity Period89 days
Serial Number052471A77CAFDE27AD40D2E8749ACDFF3A65
Thumbprint001544C307941FDBF824014872ECBA51A7469716

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
25%
24
routing
20%
23
services
28%
23
ownership
27%
35
reputation
29%
13
geolocation
34%
23
Overall27%1221
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceMostly Consistent (85%) β€” 1 contradiction(s)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
⚠ High authority score (70) but appears on threat lists (risk 49)

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:43 UTC
Last Seen2026-06-28 19:25:49 UTC
Profile Built2026-06-29 01:27:47 UTC
Data FreshnessLive
Signal Types30
Total Observations56
πŸ” 30 signal types Β· 56 observations collected
This report is generated from 30+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.