23.129.64.143
IP Intelligence Dossier
Your IP: 216.73.216.123
π€ Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 23.129.64.143
Date: 2026-06-12
---
**Key Risk Indicators**
- Risk Score: 70 (High Risk)
- Threat Classification: Tor exit node (confirmed via indicators)
- Network Role: Tor Exit Node (part of Emerald Onion network)
- Geolocation: Seattle, WA, US (geoPlausible: False)
- Abuse Density: 10.4% (subnet abuse density: 0.104)
---
**Ownership & Infrastructure**
- AS: AS396507 (Emerald Onion)
- Network: 23.129.64.0/24 (subnet abuse density: 43.3%)
- Services: Open ports 80 (HTTP) and 443 (HTTPS). TLS certificate with self-signed issuer "www.gburjfag.com".
- BGP: Route stability confirmed; AS path: 6939 396507.
---
**Threat Observations**
- Tor Exit Activity: Confirmed as Tor exit node with 1 observed threat signal.
- DNS & Email: No SPF/DMArc records detected; no email auth configuration.
- TLS: TLS 1.3 used with cipher suite TLS_AES_256_GCM_SHA384.
- Historical Signals:
- 41 total observations (last 30 days).
- 17 high-risk signals (e.g., DNSBL listings, route instability).
- 42 neighboring IPs in subnet classified as high/medium risk.
---
**Neighbor Network Analysis**
- Subnet: 23.129.64.0/24 (97 total IPs).
- High-Risk Neighbors: 10 IPs (10.3% of subnet).
- Abuse Density: 43.3% of subnet IPs flagged for abuse.
- Notable Neighbors:
- 23.129.64.99, 23.129.64.130, 23.129.64.131 (all high/medium risk).
---
**Actionable Threat Narrative**
This IP is a Tor exit node associated with the "Emerald Onion" network, which is linked to anonymized traffic. The high-risk score and Tor exit indicators suggest potential misuse forιθ½ malicious activities.
- Monitor for Anomalous Traffic: Track connections to this IP for unusual patterns (e.g., mass scans, data exfiltration).
- Subnet-Wide Risk: The subnet has a 43.3% abuse density, with 10 high-risk neighbors. Consider blocking the entire subnet or implementing granular access controls.
- TLS & Services: The TLS configuration is outdated (TLS 1.3 with weak cipher suites). Investigate if this IP is hosting malicious services.
- Geolocation Discrepancy: GeoPlausible flag is false, indicating potential spoofing or misconfigured routing.
Recommendation: Block this IP unless itβs part of a legitimate Tor infrastructure. Prioritize monitoring related IPs in the 23.129.64.0/24 subnet for coordinated threats.
---
Source: IPDebrief Threat Intelligence Platform.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | β |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
CN=www.kd5nl3lplnzeab.net
Issued by CN=www.6anmqz6oapt.com
Self-signed: No
| SANs | None |
| Valid From | 2026-06-04T00:00:00+00:00 |
| Valid Until | 2026-09-25T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 113 days |
| Serial Number | 77214B97F17EB641 |
| Thumbprint | 71D99AE765C158ED0366BF0BFC6503F12FE7C18C |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 42% | 2 | 5 |
| routing | 24% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 37% | 3 | 9 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 33% | 12 | 26 |
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
β Claimed geolocation contradicts RTT physics measurement
π Observation Timeline π Live
| First Seen | 2026-05-22 13:35:50 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:05:00 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 59 |
π 25 signal types Β· 59 observations collected
This report is generated from 25+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
βΉοΈ About This Report
All data shown is publicly available network metadata β IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.