23.129.64.140 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 23.129.64.140. It was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Tags: Bruteforce, Brute-Force, cyber security, ioc, malicious, Nextray, phishing, SSH, tor
  • Known tor exit node

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, blocklist_net_ua, dm_tor, et_tor, greensnow, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits

  • Known TOR node
  • Country: United States
  • Network: AS396507 emerald onion
  • Noticed: 1 time
  • Protocols Attacked: redis, ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 33

Open Ports Detected

22, 443, 80

Whois Information

  • NetRange: 23.129.64.0 - 23.129.64.255
  • CIDR: 23.129.64.0/24
  • NetName: EMERALD-ONION-TOR1
  • NetHandle: NET-23-129-64-0-1
  • Parent: NET23 (NET-23-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS396507
  • Organization: Emerald Onion (EO-95)
  • RegDate: 2017-07-19
  • Updated: 2021-02-27
  • Comment: https://emeraldonion.org/
  • Ref: https://rdap.arin.net/registry/ip/23.129.64.0
  • OrgName: Emerald Onion
  • OrgId: EO-95
  • City: Seattle
  • StateProv: WA
  • PostalCode: 98104-1404
  • Country: US
  • RegDate: 2017-06-20
  • Updated: 2018-11-15
  • Ref: https://rdap.arin.net/registry/entity/EO-95
  • OrgAbuseHandle: ABUSE7315-ARIN
  • OrgAbuseName: Abuse Management
  • OrgAbusePhone: +1-206-739-3390
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7315-ARIN
  • OrgNOCHandle: NETWO8737-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-206-739-3390
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO8737-ARIN
  • OrgTechHandle: TECHN1592-ARIN
  • OrgTechName: Technical Support
  • OrgTechPhone: +1-206-739-3390
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHN1592-ARIN

Links to attack logs

  • awsbah-redis-bruteforce-ip-list-2022-04-28
  • vultrmadrid-ssh-bruteforce-ip-list-2023-03-11
  • nmap-scanning-list-2021-10-01
  • nmap-scanning-list-2021-10-11
  • awssafrica-redis-bruteforce-ip-list-2022-05-09
  • nmap-scanning-list-2021-12-08
  • dofrank-ssh-bruteforce-ip-list-2023-02-25
  • dofrank-ssh-bruteforce-ip-list-2023-03-09