23.129.64.186
IP Intelligence Briefing: 23.129.64.186
Date: 2026-06-10
---
**Key Risk Indicators**
- Risk Score: 70 (High Risk)
- Provider/Authority Scores: 0/0 (No authoritative ownership data)
- Threat Classification: Tor Exit Node (emerging risk)
- Subnet Abuse Density: 7% (moderate risk, 17/97 neighbors flagged)
---
**Ownership & Geolocation**
- ASN: 396507 (Emerald Onion)
- Organization: Emerald Onion (Tor Exit Node)
- Geolocation: Seattle, WA, US (geo-validation flagged as implausible due to RTT anomalies)
- Network Role: Tor Exit Node (no residential/mobile carrier data)
---
**Threat & Service Analysis**
- Services:
- HTTP/HTTPS on ports 80/443
- TLS Certificate:
- Issuer: `www.rrgwpjzijxpxp.com`
- Subject: `www.zvoe6bw4ox4qhozoh.net`
- No valid SPF/DMArc records; self-signed certificate detected.
- Threat Indicators:
- No direct malware/IP reputation matches.
- Subnet contains 17 high-risk neighbors (7% abuse density).
---
**Historical Observations**
- Signal Trends:
- 29 observations over 30 days; 12% flagged as high-risk.
- DNSSEC validation and BGP route stability consistently reported.
- Anomalies:
- 4 DNSBL listings (high severity).
- Geo-validation violations (RTT discrepancies for distance).
---
**Relationships & Network Context**
- Network Affiliation:
- Linked to 33+ IPs in the `EMERALD-ONION-TOR1` subnet.
- Shared ASN (396507) with other Tor exit nodes.
- Neighbor Analysis:
- 18% of subnet IPs flagged as high-risk; 71% low-risk.
---
**Recommended Actions**
1. Block Traffic: Apply firewall rules to block traffic from 23.129.64.186/24 (see `ipdebrief_actions` for rule templates).
2. Monitor Subnet: Investigate high-risk neighbors in the `23.129.64.0/24` subnet.
3. Validate Certificates: Scrutinize TLS certificates for malicious domains (`rrgwpjzijxpxp.com`, `zvoe6bw4ox4qhozoh.net`).
4. Geolocation Verification: Validate IP location anomalies; consider spoofing or misconfigured infrastructure.
Note: This IP is associated with Tor exit nodes, which are often used for anonymity but can also be leveraged for malicious activities. Further investigation into certificate domains and subnet behavior is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | β |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 57% | 2 | 13 |
| routing | 24% | 2 | 3 |
| services | 32% | 2 | 3 |
| ownership | 42% | 3 | 10 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 36% | 12 | 35 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 13:35:49 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:00:30 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 71 |
Full dossier details are available via our API.