IP Intelligence Briefing: 23.129.64.141
Date: 2026-06-09
---
**1. Core Risk Profile**
- Risk Score: 70 (High Risk)
- Provider/Authority Score: 0
- Network Role: Tor Exit Node (EMERALD-ONION-TOR1)
- Geolocation: Seattle, WA, USA (plausibility flagged false by the RTT model; the anomaly is detailed under Behavioral Observations and is a weak signal)
- Ownership: Emerald Onion (AS396507), ARIN-registered, abuse contact available
---
**2. Threat Indicators**
- Tor Exit Node: Confirmed via network classification (signal_type_id 5).
- TLS Services: Ports 80 and 443 open; the TLSv1.3 certificate presented has issuer www.pzjcphjau5hzq72o5.com and subject www.ytmjaxhbrsw.net. These are randomly generated names, the pattern Tor relays use for their self-generated link-handshake certificates (www.<random>.com issuer, www.<random>.net subject), not a CA-issued web certificate.
- Abuse Density: Subnet (23.129.64.0/24) has 8.3% abuse density (8 high-risk neighbors).
- Historical Signals:
- TLS scan (2026-06-09): certificate is within its validity window with no format errors. Its issuer is not a public CA, so "no validity errors" does not imply a trusted chain.
- Connection failure observed (signal_type_id 12), suggesting potential misconfiguration or evasion.
---
**3. Network Relationships**
- Linked Entities:
- EMERALD-ONION-TOR1 (same network, 25 relationships).
- Subnet: 23.129.64.0/24 (96 total IPs, 8 high-risk neighbors).
- Neighbor Risk Distribution:
- 8 IPs with high risk (70 score), 88 medium risk, 0 low risk.
---
**4. Behavioral Observations**
- Recent Activity (2026-06-09):
- TLS scan detected (ports 80, 443).
- Geolocation inconsistency: observed RTT 79 ms vs. the model's expected 152.5 ms for a 7,626 km distance. The physical floor for that distance is about 76 ms (round trip at roughly 200 km/ms in fibre), so 79 ms is faster than the model expects but not impossible; the expected value is twice the floor, and the flag should be weighed accordingly.
- Stability: Subnet route instability (isRouteStable: false) and minimal operator score (0.13).
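The RTT check above can be reproduced and sanity-checked against physics. The following is an added example, not part of the original briefing or of the scanning tool: it takes the briefing's numbers (7,626 km, 79 ms observed, 152.5 ms expected) and compares the observation against the fibre propagation floor and against the model's expectation. The 200 km/ms propagation speed and the verdict names are assumptions.

```python
"""RTT-based geolocation plausibility check (added example).

Two reference points are compared against the observed RTT:
  * the physical floor: light in optical fibre covers roughly 200 km/ms
    (about two thirds of c), so a round trip over distance d can never be
    shorter than 2 * d / 200 ms;
  * the model's expected RTT; for the briefing's numbers this is exactly
    twice the floor, i.e. the model assumes an effective 100 km/ms to
    allow for routing detours and queuing.
An RTT below the floor means the claimed location (or the probe's own
location) is wrong. An RTT between floor and model is physically possible
and should be treated as a weak signal, not a contradiction.
"""
from typing import Optional

FIBRE_KM_PER_MS = 200.0  # assumption: propagation speed of light in fibre


def rtt_floor_ms(distance_km: float) -> float:
    """Minimum possible round-trip time over a great-circle distance."""
    return 2.0 * distance_km / FIBRE_KM_PER_MS


def assess_geolocation(distance_km: float, observed_ms: float,
                       expected_ms: Optional[float] = None) -> dict:
    """Classify an observed RTT against the physical floor and a model.

    Verdicts (names are this example's own):
      impossible   observed RTT is below the fibre floor
      below_model  physically possible but faster than the model expects
      plausible    at or above the model expectation (or no model given)
    """
    floor = rtt_floor_ms(distance_km)
    if observed_ms < floor:
        verdict = "impossible"
    elif expected_ms is not None and observed_ms < expected_ms:
        verdict = "below_model"
    else:
        verdict = "plausible"
    return {
        "floor_ms": round(floor, 2),
        "observed_ms": observed_ms,
        "expected_ms": expected_ms,
        # how conservative the model is relative to the physical floor
        "model_over_floor": round(expected_ms / floor, 2) if expected_ms else None,
        "verdict": verdict,
    }


# Values taken from the briefing: 7,626 km, 79 ms observed, 152.5 ms expected.
BRIEFING = assess_geolocation(distance_km=7626, observed_ms=79, expected_ms=152.5)

if __name__ == "__main__":
    print(BRIEFING)
```

For the briefing's numbers the floor is 76.26 ms and the model sits at 2.0 times the floor, so the verdict is "below_model": the location is not disproved, only less certain than the model would like. Only an observation under the floor (for example 60 ms at this distance) would make Seattle impossible.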
---
**5. Recommended Actions**
- Block/Rate Limit: If organizational policy denies Tor exit traffic, apply firewall rules to 23.129.64.0/24 (the prefix written as 23.129.64.141/24 has host bits set and is not a valid network). This covers the whole Emerald Onion exit range, so it blocks all Tor users exiting there, not only this IP; rate limiting is the lighter alternative.
- Monitor Neighbors: Investigate high-risk neighbors (e.g., 23.129.64.99, 23.129.64.130).
- TLS Inspection: Check whether the issuer and subject names (www.pzjcphjau5hzq72o5.com, www.ytmjaxhbrsw.net) resolve or appear in threat intelligence. Random names, no SANs and a 55-day lifetime match a Tor relay's self-generated link certificate; a CA-issued certificate with real SANs on this port would be the anomaly worth chasing.
- Geolocation Verification: Validate IP geolocation anomalies via alternative probes.
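The block/rate-limit action is easy to get wrong in two ways: the prefix is written with host bits set, and the choice between dropping and rate limiting is left implicit. The following is an added example, not part of the original briefing or of the scanning tool, that normalizes the prefix with the standard library and renders both options as nft commands. The table and chain names, the rate-limit threshold and the /24 width guard are assumptions.

```python
"""Firewall action for the flagged Tor exit range (added example).

Points worked through:
  * '23.129.64.141/24' is not a valid prefix (host bits set). ipaddress
    rejects it in strict mode; strict=False masks the host bits and yields
    the intended 23.129.64.0/24.
  * The briefing offers 'block' or 'rate limit'. Both are rendered as nft
    commands so the policy choice is explicit in the change record.
Blocking the /24 denies the whole Emerald Onion exit range, i.e. every Tor
user exiting there, not just this IP; it is a Tor-policy decision.
"""
import ipaddress
from typing import List

EXIT_IP = "23.129.64.141"                                  # from the briefing
RANGE_AS_WRITTEN = "23.129.64.141/24"                      # action item as written
HIGH_RISK_NEIGHBOURS = ["23.129.64.99", "23.129.64.130"]   # from the briefing


def normalize_prefix(cidr: str) -> ipaddress.IPv4Network:
    """Return the network for a prefix that may have host bits set."""
    try:
        return ipaddress.ip_network(cidr)            # strict: raises on host bits
    except ValueError:
        return ipaddress.ip_network(cidr, strict=False)


def covers(net: ipaddress.IPv4Network, ips: List[str]) -> bool:
    """True if every address is inside the network (sanity check before deploying)."""
    return all(ipaddress.ip_address(ip) in net for ip in ips)


def nft_commands(net: ipaddress.IPv4Network, mode: str = "drop",
                 rate: str = "10/second", table: str = "tor_exit_policy") -> List[str]:
    """Render nft commands for a drop or a rate-limit policy on the prefix.

    Table/chain names and the rate are assumptions for this example.
    """
    if mode not in ("drop", "ratelimit"):
        raise ValueError(f"unknown mode {mode!r}")
    if net.prefixlen < 24:
        # assumption: guard against a mistyped prefix length blocking far more than intended
        raise ValueError(f"refusing to act on a prefix wider than /24: {net}")
    base = f"nft add rule inet {table} input ip saddr {net}"
    rule = f"{base} drop" if mode == "drop" else f"{base} limit rate over {rate} drop"
    return [
        f"nft add table inet {table}",
        f"nft add chain inet {table} input '{{ type filter hook input priority 0; policy accept; }}'",
        rule,
    ]


if __name__ == "__main__":
    net = normalize_prefix(RANGE_AS_WRITTEN)
    assert covers(net, [EXIT_IP] + HIGH_RISK_NEIGHBOURS)
    for cmd in nft_commands(net, mode="ratelimit"):
        print(cmd)
```

The commands are printed rather than executed so they can be pasted into a change ticket; the `covers` check confirms the normalized prefix still contains the flagged exit and the two neighbours named in the briefing before anything is applied.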
---
Conclusion: This IP is an Emerald Onion Tor exit node inside a subnet of similarly rated exits. It is not a direct attacker; the risk it carries is the generic Tor exit risk (hostile traffic anonymized through it) plus the route instability noted above. If policy denies Tor exits, block the 23.129.64.0/24 range; otherwise rate-limit and monitor, and review the related IPs for the same pattern.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | EMERALD-ONION-TOR1 (per the network classification above; field empty in the registration data) |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | Not available in the registration record |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No (no PTR record exists, so forward-confirmed reverse DNS cannot be established; weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
SPF, DMARC and CAA are records published on a domain name; with no PTR hostname there is no name to evaluate for this address, so these rows reflect the absence of a hostname rather than a misconfigured mail or certificate policy. A Tor exit with port 25 closed and no website would not be expected to publish them.
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server (inferred from open ports 80/443 only; no HTTP banner or title was captured, and the certificate shape points to a Tor relay listener rather than a website) |
| Network Tier | Tier 3: basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | none captured |
| 443 | https | tcp | none captured |
Closed ports: 22, 25, 3389, 8080, 8443 (2 open / 7 scanned)
| Server | none captured |
| HTTP Title | none captured |
TLS Certificate
| SANs | None |
| Valid From | 2026-05-18T00:00:00+00:00 |
| Valid Until | 2026-07-12T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 55 days |
| Serial Number | 0090BC91E92313F794 |
| Thumbprint | 509F2D6A3AC57AFC112D75D6BF871FD383CEE708 |
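The certificate fields above are enough to triage the listener without a live connection. The following is an added example, not part of the original briefing or of the scanning tool: it takes the issuer, subject, SAN and validity values reported on this page and decides whether the certificate looks like a CA-issued web certificate or like the self-generated link certificate a Tor relay presents (random www.<random>.com issuer and www.<random>.net subject, no SANs). The vowel-ratio heuristic, the public-CA hint list, the verdict names and the control certificate are assumptions constructed for the example.

```python
"""Certificate triage for the TLS listener on 23.129.64.141 (added example).

CERT holds the values the briefing reports. CONTROL_CERT is a constructed
CA-issued certificate used to show the heuristics do not fire on a normal
web certificate. Heuristics and the CA hint list are assumptions.
"""
from datetime import datetime
from typing import Dict, List

CERT = {                                            # values from the briefing
    "issuer": "www.pzjcphjau5hzq72o5.com",
    "subject": "www.ytmjaxhbrsw.net",
    "sans": [],
    "not_before": "2026-05-18T00:00:00+00:00",
    "not_after": "2026-07-12T00:00:00+00:00",
}

CONTROL_CERT = {                                    # constructed, not from the page
    "issuer": "C=US, O=Let's Encrypt, CN=R11",
    "subject": "CN=example.com",
    "sans": ["example.com", "www.example.com"],
    "not_before": "2026-05-01T00:00:00+00:00",
    "not_after": "2026-07-30T00:00:00+00:00",
}

# Assumption: substrings that identify a public CA in the issuer DN; real
# pipelines would validate against the system trust store instead.
KNOWN_CA_HINTS = ("let's encrypt", "isrg", "digicert", "globalsign", "sectigo",
                  "google trust services", "amazon", "zerossl")


def validity_days(cert: Dict) -> int:
    """Lifetime in whole days between notBefore and notAfter."""
    start = datetime.fromisoformat(cert["not_before"])
    end = datetime.fromisoformat(cert["not_after"])
    return (end - start).days


def common_name(dn: str) -> str:
    """Extract CN from a DN string; a bare hostname is returned unchanged."""
    for part in dn.split(","):
        part = part.strip()
        if part.upper().startswith("CN="):
            return part[3:].strip()
    return dn.strip()


def registrable_label(name: str) -> str:
    """'www.pzjcphjau5hzq72o5.com' -> 'pzjcphjau5hzq72o5'."""
    labels = name.lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_random(label: str, max_vowel_ratio: float = 0.2, min_len: int = 8) -> bool:
    """Heuristic: machine-generated labels are long, vowel-poor and/or carry digits.

    Crude by design; it is a triage hint, not a classifier.
    """
    letters = [c for c in label if c.isalpha()]
    if len(label) < min_len or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    has_digits = any(c.isdigit() for c in label)
    return vowel_ratio < max_vowel_ratio or has_digits


def triage(cert: Dict) -> Dict[str, object]:
    """Collect findings and map them to a verdict (names are this example's own)."""
    findings: List[str] = []
    issuer, subject = cert["issuer"], cert["subject"]
    if not any(h in issuer.lower() for h in KNOWN_CA_HINTS):
        findings.append("issuer_not_public_ca")
    if looks_random(registrable_label(common_name(issuer))):
        findings.append("random_issuer_name")
    if looks_random(registrable_label(common_name(subject))):
        findings.append("random_subject_name")
    if not cert["sans"]:
        findings.append("no_sans")            # browsers ignore CN; web certs carry SANs
    days = validity_days(cert)
    if days < 90:
        findings.append("short_validity")     # 90 days is the common public-CA minimum
    found = set(findings)
    tor_shape = {"issuer_not_public_ca", "random_issuer_name", "random_subject_name", "no_sans"}
    if tor_shape <= found:
        verdict = "consistent_with_tor_link_cert"
    elif not found & (tor_shape | {"short_validity"}):
        verdict = "public_ca_web_cert"
    else:
        verdict = "review_manually"
    return {"validity_days": days, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    print(triage(CERT))
    print(triage(CONTROL_CERT))
```

On the page's certificate every Tor-shape finding fires (non-CA issuer, random issuer and subject labels, no SANs) plus the 55-day lifetime, so the verdict is "consistent_with_tor_link_cert"; the constructed Let's Encrypt control produces no findings. The inverse case, a CA-issued certificate with real SANs on a port the classifier already attributes to a Tor relay, is the one that should be escalated.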
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 34% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 36% | 3 | 5 |
| reputation | 32% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 30% | 12 | 21 |
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |
| Attribution Factors | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid (pass/fail state of each factor not shown in this export) |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:50 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 18:02:50 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 54 |