IP Intelligence Briefing: 23.129.64.157
*Last Updated: 2026-06-13*
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Ownership:
  - ASN: 396507
  - Organization: Emerald Onion (Tor exit node operator)
  - Geolocation: Seattle, WA, US (geoPlausible: False)
- Threat Indicators:
  - No direct malicious indicators (no blocklist hits, spam reports, or known campaigns).
  - Tor exit node (network role): traffic leaving this address belongs to arbitrary Tor users, so it can carry anonymous or covert sessions alongside ordinary browsing.
- Services:
  - Open ports: HTTP (80), HTTPS (443)
  - TLS certificate: self-signed, issued to `www.c6svsqpg2alibuyuzfz.com`, no SANs, 39-day validity. A random-looking CN on a short-lived self-signed certificate is the pattern of a Tor relay's ORPort link certificate (relays frequently run the ORPort on 443), so check the relay's consensus entry before treating this as a phishing or C2 web host.
---
**2. Observation History**
- Geo Validation Violation:
  - Measured RTT of 85 ms against a probe-to-target distance of ~7,626 km (to the recorded Seattle location). The tool's expected minimum of 152.5 ms corresponds to an effective propagation speed of 100 km/ms, a conservative allowance for indirect routing; the physical floor is roughly 76 ms over fibre (51 ms in vacuum), so 85 ms is possible but would require a nearly straight path. A host cannot answer before the probe reaches it, so a too-short RTT points to the address being nearer the probe than the geolocation record implies, or to a device closer to the probe (SYN proxy, anycast or scrubbing front end) answering on its behalf. Misconfigured routing lengthens RTT and cannot produce a short one.
- Network Stability:
  - Operator score: 0.26 (Basic), with 3 of 8 signals analyzed.
  - Route stability: stable over 30 days.
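To make the RTT reasoning concrete, here is an added Python example (not part of the briefing or of the scoring tool behind it) that computes the physical and heuristic RTT floors for a given distance and classifies an observed RTT. The 7,626 km and 85 ms figures are the briefing's; the 100 km/ms effective speed is an assumption reverse-engineered from its 152.5 ms threshold.

```python
"""RTT-based geolocation plausibility check.

Added illustration, not code from the briefing or the tool behind it.
Distances are great-circle kilometres between the measuring probe and
the location the geolocation record claims for the address.
"""

C_VACUUM_KM_PER_MS = 299.792     # speed of light in vacuum
C_FIBER_KM_PER_MS = 200.0        # roughly 2/3 c, typical for optical fibre
C_HEURISTIC_KM_PER_MS = 100.0    # assumed effective speed behind the
                                 # briefing's 152.5 ms floor (allows for
                                 # indirect routing and queuing)


def min_rtt_ms(distance_km: float, speed_km_per_ms: float) -> float:
    """Lowest RTT for a round trip over distance_km at the given speed."""
    return 2.0 * distance_km / speed_km_per_ms


def max_distance_km(rtt_ms: float, speed_km_per_ms: float) -> float:
    """Farthest a responder can be if the observed RTT is rtt_ms."""
    return rtt_ms * speed_km_per_ms / 2.0


def classify_rtt(distance_km: float, rtt_ms: float) -> tuple[str, dict]:
    """Judge whether rtt_ms is consistent with distance_km.

    Returns a verdict and the floors used to reach it:
      'impossible'  - faster than light in vacuum: bad measurement, or
                      the distance was computed from a wrong location
      'unlikely'    - faster than light in fibre: the responder is almost
                      certainly closer than recorded, or a nearer device
                      (SYN proxy, anycast front end) answered for it
      'implausible' - below the routing heuristic: physically possible
                      but needs a near-straight, uncongested path
      'plausible'   - at or above the heuristic floor
    """
    floors = {
        "vacuum_ms": min_rtt_ms(distance_km, C_VACUUM_KM_PER_MS),
        "fiber_ms": min_rtt_ms(distance_km, C_FIBER_KM_PER_MS),
        "heuristic_ms": min_rtt_ms(distance_km, C_HEURISTIC_KM_PER_MS),
        # Where the responder could really be, if the RTT is trusted.
        "max_km_fiber": max_distance_km(rtt_ms, C_FIBER_KM_PER_MS),
        "max_km_heuristic": max_distance_km(rtt_ms, C_HEURISTIC_KM_PER_MS),
    }
    if rtt_ms < floors["vacuum_ms"]:
        verdict = "impossible"
    elif rtt_ms < floors["fiber_ms"]:
        verdict = "unlikely"
    elif rtt_ms < floors["heuristic_ms"]:
        verdict = "implausible"
    else:
        verdict = "plausible"
    return verdict, floors


if __name__ == "__main__":
    # The briefing's figures: ~7,626 km to the recorded location, 85 ms RTT.
    verdict, floors = classify_rtt(7626, 85)
    print(verdict)
    for name, value in floors.items():
        print(f"  {name}: {value:.1f}")
```

Under the fibre floor an 85 ms RTT still permits a responder up to about 8,500 km away, so the measurement alone does not contradict Seattle; it is the conservative heuristic that raises the flag. Re-measuring from a second probe on another continent separates "nearer than recorded" from "a closer device answered".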
---
**3. Relationships**
- Linked Entities:
  - Same network: EMERALD-ONION-TOR1 (this network name recurs 69 times in linked records).
  - Subnet: 23.129.64.0/24 (mixed classification, abuse density 0.4845).
- Neighbor Risk:
  - 11 high-risk neighbors out of 96 active IPs in the subnet.
  - 47 threat siblings (IPs with a similar risk profile).
---
**4. Neighborhood Analysis**
- Subnet abuse density: 48.45% (moderate risk).
- High-Risk Neighbors:
  - 23.129.64.99, 23.129.64.130 and 23.129.64.131 carry comparable risk scores (70 and 66). All sit in the same operator's exit-node range, so the shared score reflects the same class of exit traffic rather than independent compromises.
- Inherited Risk: 19 (substantial contribution from neighboring IPs).
---
**5. Recommendations**
- Monitor Traffic:
  - Log and tag requests whose source is this address. Because it is a Tor exit, the traffic belongs to arbitrary Tor users, not to the operator; treat it as anonymous-source traffic and apply the same policy (rate limits, step-up authentication on sensitive endpoints) to every current exit rather than to this one address.
- Investigate Neighbors:
  - The high-risk addresses in 23.129.64.0/24 are sibling exit nodes of the same operator, so their scores reflect the same class of traffic, not a compromised host or lateral movement. Keep the exit list current (exits churn hourly) instead of blocking the whole /24 by reputation.
- Geolocation Verification:
  - Re-measure RTT from a second vantage point before acting on the geoPlausible flag. An RTT too short for the recorded distance means the host is nearer the probe or a closer device is answering for it, not that the source address is spoofed; the registry record and the operator both place the network in Seattle, so check whether the probe-to-target distance was computed from a wrong location.
- Network Segmentation:
  - Treat inbound connections from exits as anonymous-source traffic and keep them off internal services. Treat outbound connections from internal hosts to this address as a separate question: an ordinary web client has little reason to contact a Tor relay, so such flows are a reasonable detection for Tor client use (a possible exfiltration or C2 transport) and should be correlated with the Tor consensus to confirm the destination is a relay ORPort.
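The policy the recommendations describe, as an added Python example (not from the briefing or any tool it names): it loads an exit list in the one-address-per-line format of https://check.torproject.org/torbulkexitlist, tags web-server log entries by source class, and decides an action per request. The exit list, log lines and the list of sensitive paths are constructed for illustration; in production the list must be refreshed frequently because exits churn.

```python
"""Tag web-server requests arriving from Tor exit nodes and choose an action.

Added example, not code from the briefing or the dossier tool. Exit list,
log lines, watched subnet and sensitive paths are constructed inputs.
"""
import ipaddress
import re

# Constructed exit list in the torbulkexitlist format (one address per line).
# 23.129.64.157 and two of its subnet neighbours from the briefing are listed;
# 23.129.64.131 is deliberately left out to show subnet-but-not-exit handling.
EXIT_LIST_TEXT = """\
# constructed sample, not a real download
23.129.64.157
23.129.64.99
23.129.64.130
203.0.113.9
"""

# Constructed access-log lines in Apache combined format.
LOG_LINES = """\
23.129.64.157 - - [13/Jun/2026:10:01:02 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.23 - - [13/Jun/2026:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 2048
23.129.64.131 - - [13/Jun/2026:10:01:09 +0000] "GET /admin HTTP/1.1" 403 128
203.0.113.9 - - [13/Jun/2026:10:01:11 +0000] "POST /login HTTP/1.1" 401 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Assumed sensitive endpoints for this illustration.
AUTH_PATHS = ("/login", "/admin", "/api/token")


def load_exit_list(text: str) -> set:
    """Parse one-address-per-line text into a set of ip_address objects."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        exits.add(ipaddress.ip_address(line))
    return exits


def parse_log(text: str) -> list:
    """Parse combined-format lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ip"] = ipaddress.ip_address(d["ip"])
        d["status"] = int(d["status"])
        entries.append(d)
    return entries


def classify_source(ip, exits, watched_nets) -> str:
    """Exact-match against the exit list first; subnet membership is weaker."""
    if ip in exits:
        return "tor-exit"
    if any(ip in net for net in watched_nets):
        return "exit-subnet"   # same /24 as known exits, but not itself listed
    return "clear"


def decide(entry: dict, source_class: str) -> str:
    """Map (request, source class) to an action. Exits are never silently blocked."""
    sensitive = entry["path"].startswith(AUTH_PATHS)
    if source_class == "tor-exit" and sensitive:
        return "step-up-auth"    # MFA or challenge, not a source-address block
    if source_class == "tor-exit":
        return "allow-tagged"    # serve, but keep the tag for correlation
    if source_class == "exit-subnet":
        return "log-only"        # reputation of neighbours is not evidence
    return "allow"


def tag_requests(log_text: str, exit_text: str,
                 watched_cidrs=("23.129.64.0/24",)) -> list:
    """Return (ip, path, source class, action) for each parsed request."""
    exits = load_exit_list(exit_text)
    nets = [ipaddress.ip_network(c) for c in watched_cidrs]
    rows = []
    for e in parse_log(log_text):
        cls = classify_source(e["ip"], exits, nets)
        rows.append((str(e["ip"]), e["path"], cls, decide(e, cls)))
    return rows


if __name__ == "__main__":
    for row in tag_requests(LOG_LINES, EXIT_LIST_TEXT):
        print(row)
```

Matching is on exact addresses from the published list, with the /24 used only to add a weaker tag; blocking the whole range by reputation would also catch addresses that are not exits and would miss exits that move to other ranges.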
---
Next Steps:
- Cross-reference threat feeds for campaigns whose traffic exits through Emerald Onion relays; such hits attribute to Tor users, not to the operator.
- Confirm what the certificate on port 443 belongs to by matching the port against the relay's ORPort in the Tor consensus. A self-signed certificate with a random CN, no SANs and a short lifetime is normal for a relay's link handshake and is not by itself evidence of misuse.
- Review subnet abuse patterns to set policy for the whole exit range rather than for one address, and keep the exit list current because exits churn.
*End of Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | not recorded |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | not recorded |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | Not applicable: with no PTR record there is no hostname to confirm. The missing PTR is itself only a weak signal. |

**DNS Hygiene**

| Check | Result |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified (no PTR) |
| DNSSEC | Valid |
| CAA | Not configured |

SPF, DMARC and CAA are records published under a domain name, not under an IP address. With no PTR hostname there is no domain for them to apply to, so their absence here, and the low score that counts them, carries no information about this host.
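An FCrDNS check that keeps "no PTR" distinct from "PTR does not confirm", as an added Python example rather than the dossier tool's code. Resolver results are injected as dictionaries so it runs offline; every record is constructed except that 23.129.64.157 is given no PTR, as reported above.

```python
"""Forward-confirmed reverse DNS (FCrDNS) with pluggable lookups.

Added example, not from the briefing or its tooling. The reverse and
forward zones below are constructed; only the absence of a PTR for
23.129.64.157 mirrors the briefing.
"""
import ipaddress

# Constructed reverse zone: IP -> list of PTR names.
PTR_RECORDS = {
    "23.129.64.157": [],                           # no PTR, as in the briefing
    "198.51.100.23": ["mail.example.net."],
    "203.0.113.9": ["host9.example.org."],
    "192.0.2.10": ["a.example.com.", "b.example.com."],
}

# Constructed forward zone: name -> list of A records.
A_RECORDS = {
    "mail.example.net.": ["198.51.100.23"],
    "host9.example.org.": ["203.0.113.99"],        # points elsewhere: mismatch
    "a.example.com.": ["192.0.2.11"],
    "b.example.com.": ["192.0.2.10"],              # one of two names confirms
}


def fcrdns(ip: str, ptr_lookup=PTR_RECORDS.get, a_lookup=A_RECORDS.get):
    """Return (status, confirmed_names).

    status is one of:
      'no-ptr'     - nothing to confirm; on its own only a weak hygiene signal
      'confirmed'  - at least one PTR name resolves back to ip
      'mismatch'   - PTR names exist but none resolves back to ip

    ptr_lookup and a_lookup take a key and return a list or None, so a real
    resolver (e.g. a dnspython wrapper) can be substituted for the dicts.
    """
    addr = str(ipaddress.ip_address(ip))   # normalises and validates the input
    names = ptr_lookup(addr) or []
    if not names:
        return "no-ptr", []
    confirmed = [name for name in names if addr in (a_lookup(name) or [])]
    return ("confirmed" if confirmed else "mismatch"), confirmed


if __name__ == "__main__":
    for ip in PTR_RECORDS:
        print(ip, fcrdns(ip))
```

Treating "no-ptr" as a failed confirmation, as the hygiene table above does, conflates a host that published nothing with one whose reverse record actively contradicts its forward record; only the second is evidence of misconfiguration or spoofed naming.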
**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server (inferred from open ports 80/443 only; no banner or page title was captured) |
| Network Tier | Tier 3: basic operator with some routing infrastructure |
**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | none captured |
| 443 | https | tcp | none captured |

Closed ports: 22, 25, 3389, 8080, 8443 (2 open of 7 scanned). No Server header or HTTP title was captured.
**TLS Certificate**

| Field | Value |
|---|---|
| Subject | `www.c6svsqpg2alibuyuzfz.com` (self-signed) |
| SANs | None |
| Valid From | 2026-06-16T00:00:00+00:00 |
| Valid Until | 2026-07-25T00:00:00+00:00 |
| Validity Period | 39 days |
| TLS Protocol | TLS 1.3 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Serial Number | 00E508CB02F9B7FAB8 |
| Thumbprint (SHA-1) | 6A56E0FED930DB1F686E6DBE11865EA2FAE5ABF0 |
**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 46% | 2 | 5 |
| routing | 24% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 36% | 3 | 9 |
| reputation | 20% | 1 | 2 |
| geolocation | 31% | 2 | 3 |
| Overall | 32% | 12 | 25 |

| Summary | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction |
| Attribution | Low (35%) |

Verification checks run: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid.
**Observation Timeline (Live)**

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:50 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:07:15 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 59 |