IPDebrief

23.191.200.6

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 23.191.200.6

Date: 2026-06-09

---

**Risk Profile**

- Tor exit node activity detected.

- Geolocation anomalies: 7,626 km distance vs. claimed 37.751°N, -97.822°W (New York, NY).

- RTT (Round-Trip Time) discrepancy: Observed 50ms vs. minimum possible 152.5ms for the distance.

- Open ports: HTTP (80/TCP), HTTPS (443/TCP).

- TLS certificate: Self-signed, issued to `www.hk33xpsu3cz.com`, subject `www.yishwjinlbw.net`.

---

**Ownership & Geolocation**

- Country: US (NY).

- Geo-plausibility: False (distance vs. claimed location).

- Accuracy radius: 2,500 km (low confidence).

---

**Observation History**

- 27 observations, primarily Tor exit node signals.

- Persistent geolocation anomalies and DNSSEC validation issues.

- No significant changes in risk score or network behavior.

---

**Relationships**

- Same network: 28 instances of "UNREDACTED-V4-01" (likely internal network labels).

- No direct links to known malicious organizations or domains.

---

**Recommended Actions**

1. Block/Restrict Access:

- Apply firewall rules to block traffic from 23.191.200.6.

- Example:

```bash

iptables -A INPUT -s 23.191.200.6 -j DROP

nft add rule inet filter input ip saddr 23.191.200.6 drop

```

2. Monitor Anomalies:

- Investigate geolocation inconsistencies and Tor exit node activity.

- Review TLS certificate validity and potential spoofing.

3. Network Segmentation:

- Isolate the subnet (23.191.200.0/24) if it contains other high-risk IPs.

---

**Key Flags**

Next Steps: Validate geolocation data, monitor for sustained malicious activity, and verify certificate legitimacy.

*Generated by IPDebrief – IP Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionUS-NY
CityNew York
Timezoneβ€”
Latitude37.75
Longitude-97.82

🏒 Ownership & Registration

OrganizationUnredacted Inc
ASNAS401401
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeWeb Server
Network TierUnknown β€” Insufficient routing data to classify
No specific classification

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
443httpstcpβ€”
Closed Ports22, 25, 3389, 8080, 8443 (2 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
CN=www.yishwjinlbw.net
Issued by CN=www.hk33xpsu3cz.com
Self-signed: No
SANsNone
Valid From2025-10-14T00:00:00+00:00
Valid Until2026-10-07T00:00:00+00:00
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period358 days
Serial Number00A79D3B1F9321E5F0
Thumbprint0AAFF0E65A68A4D8DCCA983D5A1A6A5ADBD10DFB

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
27%
24
routing
13%
11
services
31%
23
ownership
27%
23
reputation
26%
13
geolocation
30%
23
Overall26%1017
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) β€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
⚠ Claimed geolocation contradicts RTT physics measurement

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-22 13:35:45 UTC
Last Seen2026-06-20 19:19:08 UTC
Profile Built2026-06-20 23:27:51 UTC
Data FreshnessLive
Signal Types21
Total Observations48
πŸ” 21 signal types Β· 48 observations collected
This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.