23.129.64.214 Threat Intelligence and Host Information

Share on:

Oct 21, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 23.129.64.214 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

Tags: aws, cyber security, digital ocean, ioc, malicious, Nextray, phishing, scanners, ssh, tor, TOR, VPN
Known tor exit node
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_net_ua, dm_tor, et_tor, maxmind_proxy_fraud, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits
Known TOR node
Country: United States
Network: AS396507 emerald onion
Noticed: 1 times
Protcols Attacked: redis ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Singapore, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 9 2ce399a329b20c97bec49d1ecd1315aca646c5a0dd95e4b9bbffc9b52a9a528d a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 cf7cf388f5191ffee75d80f6895deda97a2af8834b76271b0b7840869482e50f 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 a4a63515b6bd2562e94430e10629c0c9e69309b2281dc857628cd537909c0352 dd8853401542827cdedcbeb3684a7b8704d7e52da259e91ee72dd6413243ee87 cd3726f84bd8015d6b9d8fa2b33874ff0fecadc3eb020c21b3fb7f56f7004eed 8ca0392a421283b00404a015034e1618ed8ac18b0b48bd8a2614966546338411 c6fbf7cf02227221010976a0c74c02e5d6ad10cce6f1e56a27ddc3181f94fe1c

Open Ports Detected

22 443 80

Map

Whois Information

NetRange: 23.129.64.0 - 23.129.64.255
CIDR: 23.129.64.0/24
NetName: EMERALD-ONION-TOR1
NetHandle: NET-23-129-64-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS396507
Organization: Emerald Onion (EO-95)
RegDate: 2017-07-19
Updated: 2021-02-27
Comment: https://emeraldonion.org/
Ref: https://rdap.arin.net/registry/ip/23.129.64.0
OrgName: Emerald Onion
OrgId: EO-95
City: Seattle
StateProv: WA
PostalCode: 98104-1404
Country: US
RegDate: 2017-06-20
Updated: 2018-11-15
Ref: https://rdap.arin.net/registry/entity/EO-95
OrgNOCHandle: NETWO8737-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-206-739-3390
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO8737-ARIN
OrgAbuseHandle: ABUSE7315-ARIN
OrgAbuseName: Abuse Management
OrgAbusePhone: +1-206-739-3390
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7315-ARIN
OrgTechHandle: TECHN1592-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-206-739-3390
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/TECHN1592-ARIN

Links to attack logs

awsjap-redis-bruteforce-ip-list-2022-04-22 nmap-scanning-list-2022-01-24 vultrwarsaw-ssh-bruteforce-ip-list-2023-01-29 dotoronto-ssh-bruteforce-ip-list-2023-02-21 vultrparis-ssh-bruteforce-ip-list-2023-01-29 dosing-ssh-bruteforce-ip-list-2023-03-17 vultrwarsaw-ssh-bruteforce-ip-list-2023-01-26 nmap-scanning-list-2022-02-28 nmap-scanning-list-2021-09-28 nmap-scanning-list-2022-01-07