IP Intelligence Briefing: 45.95.169.119
Date: 2026-06-09
---
**1. Core Risk Profile**
- Risk Score: 70 (High Risk)
- Threat Indicators:
  - Tor exit node activity detected.
  - DNS association with `tor-exit-croatia.bronk-ict.nl` (linked to Tor infrastructure).
- Network Role: Identified as a Tor Exit Node, suggesting potential anonymization or illicit traffic routing.
- Ownership: Registered to Damir Flekac (ASN 211619), with ARIN-regulated IP space.
- Geolocation: US (Boston, MA).
---
**2. Threat Observations**
- Tor Exit Activity: Confirmed via multiple signals (DNS, BGP, and network classification).
- DNS Analysis:
  - PTR hostname `tor-exit-croatia.bronk-ict.nl` resolved to the IP.
  - SPF and DMARC records detected, but no email-related abuse indicators.
- Network Behavior:
  - Open ports: HTTP (80) and HTTPS (443).
  - TLS certificate anomalies: Subject `CN=www.cnyi4zngoxsk.net` and issuer `CN=www.wabkalfs.com` (potentially spoofed).
- BGP & Routing:
  - Subnet `45.95.169.0/24` has abuse density score 1 (low), but 1 active sibling IP (45.95.169.104) with risk score 70.
---
**3. Temporal Trends**
- Recent Activity (30 days):
  - 1 observation of Tor exit node behavior.
  - 2 DNS resolution events (consistent with Tor exit node patterns).
  - 1 failed HTTPS connection attempt (fingerprinted as "connection_failed").
- Stability: Low stability score (0.26) due to inconsistent routing and service anomalies.
---
**4. Network Relationships**
- Linked Entities:
  - Same Network: `MAXKO-HOSTING-HR` (ASN 211619).
  - DNS: `tor-exit-croatia.bronk-ict.nl` (linked to Tor infrastructure).
- Neighbor Analysis:
  - Subnet `45.95.169.119/24` contains 2 IPs, 1 active (risk score 70).
---
**5. Recommendations**
- Monitoring:
  - Flag Tor exit node traffic originating from this IP.
  - Monitor DNS queries to `tor-exit-croatia.bronk-ict.nl` for potential command-and-control (C2) activity.
- Network Segmentation:
  - Isolate traffic from this subnet (45.95.169.0/24) to mitigate lateral movement risks.
- Firewall Rules:
  - Block all traffic from this IP using iptables/nftables rules.
  - Consider AWS WAF or Cloudflare WAF rules to filter Tor-related traffic.
---
Conclusion:
This IP is associated with Tor exit node infrastructure, indicating potential use in anonymized or malicious traffic. While the subnet has low abuse density, the high risk score and Tor association necessitate immediate monitoring and network segmentation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Damir Flekac |
| ASN | AS211619 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | tor-exit-croatia.bronk-ict.nl |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | tor-exit-croatia.bronk-ict.nl |
**DNS Hygiene**
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | 2026-01-15T00:00:00+00:00 |
| Valid Until | 2027-01-12T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 362 days |
| Serial Number | 7F116C420B2E6F16 |
| Thumbprint | 2C2E29A8391BB7BFF614C501EEF6012083EFC15F |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
**Observation Timeline** (Live)
| First Seen | 2026-05-22 13:35:44 UTC |
| Last Seen | 2026-06-26 21:06:50 UTC |
| Profile Built | 2026-06-27 17:03:54 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 52 |