176.121.81.51
IP Intelligence Briefing: 176.121.81.51
Date: 2026-06-09
---
**1. Risk Profile**
- Risk Score: 70 (High Risk)
- Threat Indicators:
- Flagged as a Tor exit node (blacklisted in 1 source).
- No known malicious campaigns or spam activity.
- Network Role: Tor exit node, no open services detected.
- Geolocation:
- Country: Poland (PL)
- City: Wroclaw
- ISP: AMSNET-MNT (AS59444)
---
**2. Observation History**
- Tor Exit Activity:
- Observed as a Tor exit node in the last 30 days.
- No persistent malicious behavior or threat persistence.
- Stability:
- BGP route stability: Unstable (route changes detected).
- No DNSSEC violations or CAA misconfigurations.
---
**3. Relationships**
- Network Affiliation:
- Linked to AMSNET-PL (AS59444) via the same /22 subnet (176.121.80.0/22).
- No direct connections to known malicious domains or organizations.
- DNS:
- Resolves to host-176-121-81-51.amsnet.pl.
- SPF and DMARC records present but not validated.
---
**4. Neighborhood Analysis**
- Subnet: 176.121.81.51/24
- Neighbor Activity:
- 0 active neighbors detected.
- Subnet abuse density: 0% (clean classification).
---
**5. Key Findings**
- The IP is a Tor exit node, which is a known vector for anonymizing malicious traffic.
- Ownership by AMSNET-MNT (Poland) and geolocation in Wroclaw suggest a legitimate infrastructure, but Tor exit status raises red flags.
- No active malicious indicators, but the Tor association alone warrants monitoring.
---
**6. Recommendations**
1. Block Tor Exit Nodes: If not required, block traffic from this IP to mitigate potential anonymized attacks.
2. Monitor Network Activity: Track changes in BGP routes or DNS behavior for anomalies.
3. Verify Ownership: Confirm AMSNET-MNTโs compliance with security best practices for Tor infrastructure.
4. Check Subnet: Investigate the 176.121.80.0/22 subnet for additional Tor-related IPs.
---
End of Briefing
*Generated by IPDebrief for SOC operational use.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | AMSNET-MNT |
| ASN | AS59444 |
| Network Name | โ |
| CIDR Block | 176.121.80.0/22 |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | host-176-121-81-51.amsnet.pl |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | host-176-121-81-51.amsnet.pl |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 45% | 2 | 8 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 42% | 3 | 10 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 31% | 12 | 29 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 13:35:47 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 15:52:35 UTC |
| Data Freshness | Live |
| Signal Types | 30 |
| Total Observations | 68 |
Full dossier details are available via our API.