23.129.64.139 Threat Intelligence and Host Information

Share on:

Oct 21, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 23.129.64.139 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Tags: Bruteforce, Brute-Force, cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, SSH, tor
Known tor exit node
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_de, blocklist_de_ssh, blocklist_net_ua, dm_tor, et_tor, greensnow, php_dictionary_30d, php_harvesters_1d, php_harvesters, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits
Known TOR node
Country: United States
Network: AS396507 emerald onion
Noticed: 1 times
Protcols Attacked: redis ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 20 dfc41ce030340214dfb943f97574b23d44728460586c139e7873732fcd44c1af b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 fe551a23d01b84b2fa11feb5c087a66532dc9b7b2c3bb60d715f9661b05c5653 ff8f1de68e86ef17d9fcd554d6ae95f215c5547cca2d4163600a7b6212b7d17f a6940a46bd8479a57b95ae7b8d2542dd523b3745c964e889da3616cacecfbe68 f046b65739764aa74d38bfaf666094d45ad087b3bc6430c5a19c599b1735a54e 949c6737d24f301ca7ea79dfd0936614bb3158ca66be70a842e7e0a7510d8616 7cf34eadb163afa46e8936bc8a37c38d51a646079d39897397ab6bd3fd527f9a b73eaa192ab95cab8e279d904a301d61ec84be69781b369bd73e538437680bc3 175947117e7dfbe4d0b437034d850cb8bb063038d1b1ab0219c56ddc6464b395

Open Ports Detected

22 443 80

Map

Whois Information

NetRange: 23.129.64.0 - 23.129.64.255
CIDR: 23.129.64.0/24
NetName: EMERALD-ONION-TOR1
NetHandle: NET-23-129-64-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS396507
Organization: Emerald Onion (EO-95)
RegDate: 2017-07-19
Updated: 2021-02-27
Comment: https://emeraldonion.org/
Ref: https://rdap.arin.net/registry/ip/23.129.64.0
OrgName: Emerald Onion
OrgId: EO-95
City: Seattle
StateProv: WA
PostalCode: 98104-1404
Country: US
RegDate: 2017-06-20
Updated: 2018-11-15
Ref: https://rdap.arin.net/registry/entity/EO-95
OrgNOCHandle: NETWO8737-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-206-739-3390
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO8737-ARIN
OrgTechHandle: TECHN1592-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-206-739-3390
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/TECHN1592-ARIN
OrgAbuseHandle: ABUSE7315-ARIN
OrgAbuseName: Abuse Management
OrgAbusePhone: +1-206-739-3390
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7315-ARIN

Links to attack logs