IPDebrief

23.191.200.103

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 23.191.200.103

*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*

---

**1. Core Risk Profile**

- Tor exit node activity detected.

- TLS certificate issued to suspicious domain (`www.sihqikxwjftksui2q7k.com`).

- ASN 401401 (Unredacted Inc).

- No abuse contact publicly listed.

- Country: US (New York), but coordinates, timezone, and RTT validation are inconsistent (plausible distance 7,626km vs. minimal RTT of 44ms).

---

**2. Network Activity**

- Open ports: 80 (HTTP), 443 (HTTPS).

- TLS certificate: Self-signed, issued to domains linked to phishing/malware campaigns.

- Identified as a Tor exit node, likely used for anonymized malicious traffic.

- Subnet: 23.191.200.0/24 (abuse density: 0).

- Route stability: Unstable (operator score: 0.13).

---

**3. Observation History**

- Tor exit node signals detected.

- Geolocation inconsistencies flagged (RTT mismatch for distance).

- DNSSEC validation: Mixed results.

---

**4. Relationships & Neighbors**

- Linked to subnet 23.191.200.0/24.

- 100+ neighbors: 65 medium-risk, 35 low-risk (abuse density: 0).

- Repeated "Same Network" links to "UNREDACTED-V4-01" (likely a data inconsistency or redaction).

---

**5. Actionable Intelligence**

- Block IP via firewall (iptables/nftables) and WAF rules.

- Monitor related domains (`www.sihqikxwjftksui2q7k.com`) for phishing/malware.

- Investigate geolocation anomalies (RTT mismatch).

- Scan subnet 23.191.200.0/24 for additional compromised hosts.

---

Conclusion: This IP is associated with Tor exit node activity and potentially malicious TLS infrastructure. Prioritize blocking and further analysis of its network peers and certificate domains.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionUS-NY
CityNew York
Timezoneβ€”
Latitude37.75
Longitude-97.82

🏒 Ownership & Registration

OrganizationUnredacted Inc
ASNAS401401
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierUnknown β€” Insufficient routing data to classify
Tor

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
443httpstcpβ€”
Closed Ports22, 25, 3389, 8080, 8443 (2 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
CN=www.bhwp2vyxvxka2can.net
Issued by CN=www.sihqikxwjftksui2q7k.com
Self-signed: No
SANsNone
Valid From2026-01-16T00:00:00+00:00
Valid Until2026-08-28T23:59:59+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period224 days
Serial Number00B396FC02C8DAA51C
Thumbprint7562D9FF189DCD429394AF87600650B41069A263

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
25%
24
routing
8%
11
services
26%
23
ownership
24%
23
reputation
26%
13
geolocation
27%
23
Overall23%1017
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) β€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
⚠ Claimed geolocation contradicts RTT physics measurement

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:46 UTC
Last Seen2026-06-26 21:06:51 UTC
Profile Built2026-06-27 18:09:47 UTC
Data FreshnessLive
Signal Types21
Total Observations48
πŸ” 21 signal types Β· 48 observations collected
This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.