IP Intelligence Briefing: 94.16.116.81
Date: 2026-06-09
---
**Core Profile**
- Risk Score: 70 (High Risk)
- Provider: ANEXIA-MNT (netcup gmbh)
- Geolocation: Nuremberg, Bavaria, Germany (49.47°N, 12.36°E)
- Network Role: Tor Exit Node
- Threat Indicators:
  - Identified as a Tor exit node (potential anonymity layer for malicious traffic).
  - Observed in 50+ threat feeds (e.g., malware distribution, phishing).
---
**Observation History**
- Latest Activity: 2026-06-09
- Threat Signals: Tor exit node activity, 50+ pulse detections (malware, phishing).
- Network Stability: Unstable routing (BGP route changes in 30 days).
- DNS: Resolves to `tor-exit-0071.fourwinds.cc` (no email auth, no SPF/DKIM).
---
**Network Relationships**
- Linked Entities:
  - DNS: `tor-exit-0071.fourwinds.cc` (high-risk domain).
  - Network: Subnet `94.16.116.0/22` (netcup gmbh).
- Infrastructure: No cloud/CDN/VPN/ISP hosting detected.
---
**Neighborhood Analysis**
- Subnet: `94.16.116.81/24`
- Abuse Density: 0% (clean subnet).
- Neighbors: No active IPs detected in the subnet.
---
**Threat Context**
- Tor Exit Node: This IP serves as a Tor exit node, which could mask malicious activities (e.g., C2 communication, data exfiltration).
- Linked Domain: `fourwinds.cc` may host malicious services or phishing assets.
- Routing: Unstable BGP routing (potential for traffic manipulation).
---
**Recommended Actions**
1. Monitor Traffic: Block Tor exit node traffic if not required (use iptables/nftables rules).
2. Investigate Domain: Analyze `fourwinds.cc` for malicious campaigns or phishing attempts.
3. Verify Ownership: Confirm netcup gmbh's compliance with network security policies.
4. Enhance DNS Security: Implement DNSSEC and monitor DNS resolution for `tor-exit-0071.fourwinds.cc`.
---
Conclusion: This IP is a high-risk Tor exit node linked to a suspicious domain. While the subnet is clean, the Tor association warrants immediate investigation and potential mitigation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ANEXIA-MNT |
| ASN | AS197540 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit-0071.fourwinds.cc |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | tor-exit-0071.fourwinds.cc |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:42 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 17:22:25 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 51 |