45.61.184.51
IP Intelligence Briefing: 45.61.184.51
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: 59 (Moderate Risk)
- Ownership: Registered to FranTech Solutions (AS 53667, ARIN).
- Geolocation: Claimed to be in Miami, FL, US. Geo validation flags inconsistency (RTT discrepancy for distance).
- Threat Indicators:
- Tor Exit Node (confirmed via multiple sources).
- DNSSEC validation and BGP route stability appear normal.
- Network Role: Identified as a Tor exit node with SSH service (port 22) active.
---
**2. Observation History**
- Recent Activity (Last 7 Days):
- Consistent low-risk profile (avg. score ~30).
- Geo validation anomalies: RTT (47ms) contradicts 7,555km distance, suggesting potential IP spoofing or misconfigured geolocation.
- No spikes in threat indicators or DNS anomalies.
---
**3. Relationships & Network Context**
- Associated Networks:
- Linked to PONYNET-15 (same /22 subnet).
- Neighbors (45.61.184.0/24):
- 3 active IPs; 2 flagged as medium-risk, 1 low-risk.
- Subnet abuse density: 0% (mostly clean).
---
**4. Threat & Security Context**
- Tor Exit Node:
- Tor exit nodes are often used for anonymizing malicious traffic. Monitor for C2 activity or data exfiltration.
- SSH Service:
- Open port 22 with SSH banner. Ensure no weak credentials or brute-force attempts are detected.
- DNS & TLS:
- No DNS records or TLS certs found. Potential for hidden services or misconfigured infrastructure.
---
**5. Recommendations**
1. Monitor Tor Traffic: Investigate outbound connections from this IP for suspicious payloads or C2 domains.
2. Validate Geolocation: Verify the IPβs true location, as geo validation discrepancies may indicate spoofing.
3. Secure SSH: Enforce strong SSH configurations (e.g., key-based auth, rate limiting) to prevent unauthorized access.
4. Track Neighbors: Monitor the 45.61.184.0/24 subnet for emerging threats, as two neighbors show medium risk.
---
Summary: While the IP itself is not overtly malicious, its association with Tor exit nodes and geolocation inconsistencies warrant closer scrutiny. Focus on traffic patterns and network perimeter defenses.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | FranTech Solutions |
| ASN | AS53667 |
| Network Name | β |
| CIDR Block | 45.61.184.0/22 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3 |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 5 |
| routing | 17% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 30% | 3 | 7 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 26% | 12 | 23 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 13:35:45 UTC |
| Last Seen | 2026-06-28 19:29:01 UTC |
| Profile Built | 2026-06-29 07:33:24 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 53 |
Full dossier details are available via our API.