IP Intelligence Briefing: 147.15.20.173
Date: 2026-06-16
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: Oracle Cloud (ASN 31898)
- Geolocation: Registered to Oracle Corporation in the US, but geolocation data indicates São Paulo, Brazil (plausible due to CDN routing).
- Network Role: CloudCompute hosting (Oracle Cloud infrastructure).
- Services: Open ports 80 (HTTP) and 22 (SSH). Fingerprinted as nginx/1.18.0.
---
**2. Threat Indicators**
- No malicious activity detected: No indicators of compromise (IOCs), spam, or known attacker associations.
- DNS & Email: No DNS records or email auth (SPF/DKIM) found.
- TLS/SSL: No certificates or TLS vulnerabilities observed.
---
**3. Observation History (Last 30 Days)**
- Activity: 19 observations, primarily benign.
- June 16: Listed in 8 threat feeds (high severity).
- June 14: HTTP scan showing nginx server with no malicious banners.
- June 11: No active threats; classified as "mostly_clean" in subnet.
- Geo Validation: ICMP blocked, limiting location accuracy.
---
**4. Relationships & Network Context**
- Linked Entities:
  - Oracle Corporation (ASN 31898).
  - Subnet 147.15.20.0/24, classified as "mostly_clean" with low abuse density.
- Neighbors: No active sibling IPs in the subnet (0/1).
---
**5. Recommended Actions**
- Firewall Rules:
  - Block via iptables/nftables: `iptables -A INPUT -s 147.15.20.173 -j DROP`
  - Cloudflare/WAF rule: Block IP with description "IPDebrief risk score 50."
- Monitoring: Track for unexpected service changes or new threat listings.
---
**6. Summary**
147.15.20.173 is a legitimate Oracle Cloud host with no current malicious indicators. Its moderate risk score likely stems from being a public cloud server, but no malicious activity was observed. Monitor for anomalies, but no immediate action is required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Oracle Corporation |
| ASN | AS31898 |
| Network Name | ORACLE-4 |
| CIDR Block | 147.15.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | - |

| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.18.0 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-27 01:06:50 UTC |
| Last Seen | 2026-06-29 03:38:21 UTC |
| Profile Built | 2026-06-29 03:48:07 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 22 |