IP Intelligence Briefing: 45.66.35.22
*Last Updated: 2026-06-09*
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership:
  - ASN: 61125 (SABOTAGE NOC)
  - Geolocation: Amsterdam, Netherlands (52.13°N, 5.29°E)
  - ISP: SABOTAGE LLC (ARIN-registered)
- Threat Indicators:
  - No malicious indicators, blacklists, or campaigns detected.
  - Not a Tor exit node, but associated with Tor-related DNS (ams02.torexit.nl).
---
**2. Network Behavior**
- Role: Part of Tor Exit Node infrastructure (classified as "Firewalled / No Services").
- Subnet: 45.66.35.0/24
- Abuse Density: 0 (clean)
- Neighbor Risk: 16 IPs in subnet; 5 with medium risk (25–70), 11 with low risk.
- Notable Neighbors:
  - 45.66.35.24, 25, 28–30 (risk scores 70).
---
**3. Historical Observations**
- Signal Trends:
  - Stable risk profile since 2026-06-09.
  - No spikes in DNS, BGP, or service anomalies.
- Consistency:
  - DNSSEC and routing integrity flagged as valid.
  - No recent enumeration or honeypot activity.
---
**4. Relationships & Context**
- Linked Entities:
  - DNS: ams02.torexit.nl (Tor-related hostname).
  - Network: SABOTAGE NOC (ASN 61125).
- Classification:
  - No known malicious campaigns or email compromises.
---
**5. SOC Recommendations**
- Monitor: Traffic patterns to/from Tor-associated DNS (ams02.torexit.nl).
- Subnet Watch: Track higher-risk neighbors (e.g., 45.66.35.24–30) for lateral movement.
- Verify: Confirm SABOTAGE NOC's legitimacy via RDAP and ARIN records.

Conclusion: This IP is low-risk but linked to Tor infrastructure. While no immediate threats are detected, its association with Tor exit nodes warrants ongoing monitoring for potential misuse.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | SABOTAGE NOC |
| ASN | AS61125 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ams02.torexit.nl |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ams02.torexit.nl |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u7 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 10 | 13 |

| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:39 UTC |
| Last Seen | 2026-06-26 21:06:48 UTC |
| Profile Built | 2026-06-27 10:37:24 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 49 |