IP Intelligence Briefing: 23.129.64.192
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors, Actions*
---
**Key Risk Indicators**
- Risk Score: 70/100 (High Risk)
- Network Role: Tor Exit Node (provider: Emerald Onion)
- Geolocation: Registered to Seattle, WA, US, but geo validation flags inconsistency (RTT anomalies suggest potential misregistration).
- Threat Context: No direct malicious indicators (no blacklists, spam, or known campaigns), but elevated risk score due to Tor association.
---
**Ownership & Network**
- AS: AS396507 (Emerald Onion)
- Subnet: 23.129.64.0/24
- Neighbor Analysis:
  - Subnet abuse density: 10.4% (moderate).
  - 45/96 active neighbors flagged as high/medium risk.
  - Siblings include IPs with similar risk profiles (e.g., 23.129.64.99, 23.129.64.130).
---
**Network Activity & Services**
- Open Ports: HTTP (80), HTTPS (443)
- TLS Certificate:
  - Issuer: `CN=www.tzu77yrm.com`
  - Subject: `CN=www.hvhhic73mo4bhw7wcgcu.net`
  - No self-signed or expired certificates detected.
- BGP Context:
  - AS Path: `6939 396507`
  - Route stability: Stable (no recent changes).
---
**Threat Observations**
- Historical Signals:
  - 46 observations over 30 days (last update: 2026-06-13).
  - Mixed reputation signals (some DNSBL listings, but no confirmed abuse).
- Temporal Trends: No persistent malicious activity detected.
---
**Recommended Actions**
1. Monitor Traffic:
   - Due to Tor exit node association, monitor traffic for unusual patterns (e.g., data exfiltration, C2 attempts).
2. Firewall Rules:
   - Block via iptables: `iptables -A INPUT -s 23.129.64.192 -j DROP`
   - AWS WAF: Add `23.129.64.192/32` to a custom rule.
3. Investigate Neighbors:
   - Review high-risk siblings (e.g., 23.129.64.99) for potential network compromise.
---
**Conclusion**
This IP is part of a Tor exit node network with no direct malicious indicators but elevated risk due to its association with Tor. While it may not be actively malicious, its position in a Tor network could be exploited for anonymity-based attacks. SOC teams should prioritize monitoring and consider blocking based on organizational threat posture.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
**Ownership & Registration**
| Field | Value |
|---|---|
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | N/A |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | N/A |
| Abuse Contact | Available via RDAP |
---
**DNS Intelligence**
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
---
**DNS Hygiene**
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
---
**Network Classification**
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 (basic operator with some routing infrastructure) |
---
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | N/A |
| HTTP Title | N/A |
---
**TLS Certificate**
| Field | Value |
|---|---|
| SANs | None |
| Valid From | N/A |
| Valid Until | N/A |
---
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 46% | 2 | 5 |
| routing | 24% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 36% | 3 | 9 |
| reputation | 20% | 1 | 2 |
| geolocation | 34% | 2 | 3 |
| Overall | 32% | 12 | 25 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%); 1 contradiction(s) |
| Attribution | Low (35%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
**Observation Timeline (Live)**
| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:49 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:05:00 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 60 |
Full dossier details are available via our API.