IP Intelligence Briefing: 23.191.200.62
Date: 2026-06-09
**Overview**
- Risk Profile: High Risk (Risk Score: 70) | Threat Type: Tor Exit Node
- Ownership: Registered to Unredacted Inc (ASN 401401) | RIR: ARIN
- Geolocation: New York, NY, US (GeoPlausible: False)
- Threat Indicators:
  - Confirmed Tor exit node activity
  - Blacklisted in 1 threat feed
  - No known malware campaigns or spam sources
---
**Key Observations**
1. Tor Exit Node Activity
   - The IP is flagged as a Tor exit node, the point from which anonymized Tor traffic reaches destination networks.
   - Observed in 18 historical records (last 30 days), with consistent Tor exit node classification.
   - RTT anomalies: GeoPlausible flag is false due to inconsistent RTT (45ms vs. expected 152.5ms for 7,626km distance).
2. Network Behavior
   - Subnet: 23.191.200.0/24 | Abuse Density: 0 (clean)
   - Neighbor Risk: 71 IPs in subnet (71% medium risk, 29% low risk). No high-risk siblings.
   - Provider: Unredacted Inc (ASN 401401) shows no CDN/cloud/mobile infrastructure.
3. Threat Context
   - No malicious services (no open ports, TLS certs, or HTTP banners).
   - DNSSEC valid but no email authentication (SPF/DKIM/DMARC not configured).
   - BGP stability: Route changes last 30 days: 0 | Stability Score: 0.13 (Minimal).
---
**Actionable Insights**
- Monitor Traffic: This IP is a potential entry point for Tor-based threats. Investigate traffic patterns for anomalous behavior.
- Block Tor Exit Nodes: If not required, consider blocking Tor exit nodes in firewall rules (e.g., iptables, Cloudflare WAF).
- Subnet Analysis: While the subnet has low abuse density, 71% of neighbors are medium-risk. Prioritize monitoring of high-risk siblings.
- Geolocation Discrepancy: The IP's GeoPlausible flag is false. Verify if the IP is part of a spoofed or misconfigured network.
Recommendation: Treat this IP as a high-risk Tor exit node and apply visibility rules to monitor its traffic. Cross-reference with subnet neighbors for potential lateral movement indicators.
Source: IPDebrief Threat Intelligence Platform.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Unredacted Inc |
| ASN | AS401401 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 9 | 14 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:46 UTC |
| Last Seen | 2026-06-26 21:06:51 UTC |
| Profile Built | 2026-06-27 18:09:47 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 45 |