IP Intelligence Briefing: 23.129.64.158
*Generated via IPDebrief Threat Intelligence Platform*
---
**Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Linked to Emerald Onion (Tor exit node operator).
- Geolocation: Seattle, WA, USA (plausible, but geolocation validation failed).
- Network Role: Tor exit node, hosting HTTP/HTTPS services (ports 80/443).
- TLS Certificates: Issued to domains like `www.gk3vfzr5ipk5dg.com` and `www.rolubat7jq4hgjsbo5.net` (potential phishing/malware indicators).
---
**Threat Observations**
- No direct malware or exploit indicators detected.
- Tor Exit Node: indicates an anonymity layer; Tor exit nodes can also be abused to relay illicit traffic.
- TLS Analysis:
  - TLS 1.3 protocol used.
  - Certificates show mixed validity (self-signed, expired, or untrusted SANs).
- Network Neighbors:
  - Subnet 23.129.64.0/24 has 42 high-risk siblings (abuse density: 43.3%).
  - 8 neighbors flagged as high-risk (average risk score: 70).
---
**Temporal Trends**
- Recent Scans:
  - TLS handshake observed on 2026-06-12 (no anomalies detected).
  - No persistent malicious activity or campaign correlations.
- Stability: BGP route stable (no recent changes).
---
**Recommended Actions**
1. Monitor Traffic: Track HTTP/HTTPS traffic from this IP for suspicious payloads or C2 communication.
2. Block Tor Exit Nodes: Consider blocking Tor exit nodes in your network to prevent anonymity-based attacks.
3. Investigate TLS Domains: Validate domains in TLS certificates (`www.gk3vfzr5ipk5dg.com`, etc.) for phishing or malware campaigns.
4. Subnet-Level Mitigation: Implement rules to restrict or monitor traffic from the 23.129.64.0/24 subnet due to high abuse density.
---
Note: This IP is associated with Tor infrastructure, which is inherently linked to privacy-preserving networks but can be exploited by threat actors. Further investigation into the TLS certificates and subnet neighbors is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | |
| 443 | https | tcp | |

Closed ports: 22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

| Field | Value |
|---|---|
| Server | |
| HTTP Title | |
**TLS Certificate**
CN=www.uu3perb4.net was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2026-06-16T00:00:00+00:00 |
| Valid Until | 2026-06-28T23:59:59+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 12 days |
| Serial Number | 4F7E059F55BE9EBC |
| Thumbprint | 18E032298D3CA0CCF59CC0D78FBF90DF7D355A5D |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 57% | 2 | 12 |
| routing | 24% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 37% | 3 | 9 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 34% | 12 | 33 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |
| Validation Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:51 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:05:00 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 65 |