45.95.169.119

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 45.95.169.119

Date: 2026-06-09

---

1. Core Risk Profile

Risk Score: 70 (High Risk)
Threat Indicators:

- Tor exit node activity detected.

- DNS association with `tor-exit-croatia.bronk-ict.nl` (linked to Tor infrastructure).

Network Role: Identified as a Tor Exit Node, suggesting potential anonymization or illicit traffic routing.
Ownership: Registered to Damir Flekac (ASN 211619), with ARIN-regulated IP space.
Geolocation: US (Boston, MA).

---

2. Threat Observations

Tor Exit Activity: Confirmed via multiple signals (DNS, BGP, and network classification).
DNS Analysis:

- PTR hostname `tor-exit-croatia.bronk-ict.nl` resolved to the IP.

- SPF and DMARC records detected, but no email-related abuse indicators.

Network Behavior:

- Open ports: HTTP (80) and HTTPS (443).

- TLS certificate anomalies: Subject `CN=www.cnyi4zngoxsk.net` and issuer `CN=www.wabkalfs.com` (potentially spoofed).

BGP & Routing:

- Subnet `45.95.169.0/24` has abuse density score 1 (low), but 1 active sibling IP (45.95.169.104) with risk score 70.

---

3. Temporal Trends

Recent Activity (30 days):

- 1 observation of Tor exit node behavior.

- 2 DNS resolution events (consistent with Tor exit node patterns).

- 1 connection failure attempt (HTTPS, fingerprinted as "connection_failed").

Stability: Low stability score (0.26) due to inconsistent routing and service anomalies.

---

4. Network Relationships

Linked Entities:

- Same Network: `MAXKO-HOSTING-HR` (ASN 211619).

- DNS: `tor-exit-croatia.bronk-ict.nl` (linked to Tor infrastructure).

Neighbor Analysis:

- Subnet `45.95.169.119/24` contains 2 IPs, 1 active (risk score 70).

---

5. Recommendations

Monitoring:

- Flag Tor exit node traffic originating from this IP.

- Monitor DNS queries to `tor-exit-croatia.bronk-ict.nl` for potential command-and-control (C2) activity.

Network Segmentation:

- Isolate traffic from this subnet (45.95.169.0/24) to mitigate lateral movement risks.

Firewall Rules:

- Block all traffic from this IP using iptables/nftables rules.

- Consider AWS WAF or Cloudflare WAF rules to filter Tor-related traffic.

---

Conclusion:

This IP is associated with Tor exit node infrastructure, indicating potential use in anonymized or malicious traffic. While the subnet has low abuse density, the high risk score and Tor association necessitate immediate monitoring and network segmentation.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	US-MA
City	Boston
Timezone	America/New_York
Latitude	45.47
Longitude	16.39

🏢 Ownership & Registration

Organization	Damir Flekac
ASN	AS211619
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	tor-exit-croatia.bronk-ict.nl
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`tor-exit-croatia.bronk-ict.nl`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

Tor

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

CN=www.cnyi4zngoxsk.net

Issued by CN=www.wabkalfs.com

Self-signed: No

SANs	None
Valid From	2026-01-15T00:00:00+00:00
Valid Until	2027-01-12T00:00:00+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	362 days
Serial Number	7F116C420B2E6F16
Thumbprint	2C2E29A8391BB7BFF614C501EEF6012083EFC15F

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	26%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	19%	2	2
Overall	23%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: HR, US

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 13:35:44 UTC
Last Seen	2026-06-26 21:06:50 UTC
Profile Built	2026-06-27 17:03:54 UTC
Data Freshness	Live
Signal Types	23
Total Observations	52

🔍 23 signal types · 52 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

45.95.169.119📋 Copy

**1. Core Risk Profile**

**2. Threat Observations**

**3. Temporal Trends**

**4. Network Relationships**

**5. Recommendations**