IPDebrief

147.90.234.118

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

THREAT INTELLIGENCE BRIEFING: 147.90.234.118/32

Date: 2026-06-21

Classification: Moderate Risk

Analyst: IPDebrief Intelligence Team

---

EXECUTIVE SUMMARY

IP address 147.90.234.118 was identified as a Tor exit node operating from New York, NY, under Fourplex Telecom LLC (ASN 27284). The IP scored 59/100 on the risk scale, with confirmed Tor exit node classification and one blacklist entry. The subnet demonstrates elevated abuse density at 41.67%, with five threat-sibling IPs identified within the /24 range.

OWNERSHIP AND GEOLOCATION

Ownership attribution confirmed to Fourplex Telecom LLC abuse handling via ASN 27284. Geolocation data indicates New York, NY, US with a 3,750 km accuracy radius. The IP is not classified as cloud, CDN, VPN, proxy, or hosting infrastructure.

THREAT INDICATORS

NETWORK BEHAVIOR

Open port analysis revealed an SSH service (port 22) with the banner "SSH-2.0-OpenSSH_8.7". No HTTP/HTTPS services were detected. Forward-confirmed reverse DNS (FCrDNS) validation failed. The IP operates as a single-service host with no hosted domains or email authentication records.

NEIGHBORHOOD ANALYSIS

The /24 subnet (147.90.234.0/24) contains 12 sibling IPs with the following distribution:

Notable threat siblings include:

Subnet abuse density of 41.67% indicates mixed-risk infrastructure with significant malicious activity concentration.

OBSERVATION HISTORY

Forty-seven signal observations recorded across multiple time periods. Recent operator scores consistently measured at 0.1304 (Minimal). No persistent malicious behavior pattern detected. Threat observation count remains at 1, with zero threat persistence days.

CONTROL PLANE

BGP prefix: 147.90.234.0/23

Origin ASN: 27284

Route stability: False (route changes detected in 30-day window)

DNSSEC: Valid

RPKI State: Not evaluated

IRR Consistency: Not evaluated

RECOMMENDED ACTIONS

Access Control

Monitoring

Firewall Implementation

The following rules are recommended for immediate deployment:

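```bash
# iptables: -A appends to the end of INPUT, so an earlier matching ACCEPT rule takes precedence
iptables -A INPUT -s 147.90.234.118 -j DROP

# nftables: requires an existing "filter" table in the inet family with an "input" chain
nft add rule inet filter input ip saddr 147.90.234.118 drop
```

nginx (directive for an http, server or location context, not a shell command):

```nginx
deny 147.90.234.118;
```

pfSense:

```text
147.90.234.118/32
```

Cloudflare WAF:

```json
{"description":"Block 147.90.234.118 — IPDebrief risk score 59","action":"block","filter":{"expression":"ip.src eq 147.90.234.118"}}
```

AWS WAF:

```json
{"Addresses":["147.90.234.118/32"],"Description":"IPDebrief risk 59"}
```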

SOC RECOMMENDATIONS

1. Block or isolate traffic from 147.90.234.118 pending further investigation

2. Monitor the 147.90.234.0/24 subnet for additional threat activity

3. Correlate with internal logs for any suspicious connections

4. Consider blocking all known Tor exit nodes from the subnet

---

END OF BRIEFING


🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionNY
CityNew York
Timezoneβ€”
Latitude40.71
Longitude-74.01

🏒 Ownership & Registration

OrganizationFourplex Telecom LLC abuse handling
ASNAS27284
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

DNS Hygiene

Hygiene Score: 20% (Poor)
SPF: Not configured
DMARC: Not configured
FCrDNS: Not verified
DNSSEC: Valid
CAA: Not configured

☁️ Network Classification

InfrastructureResidential
Service PurposeSingle-Service Host
Network TierEnd-User β€” Residential ISP endpoint
Residential

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

Closed Ports: 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)
Server: —
HTTP Title: —
SSH Version: SSH-2.0-OpenSSH_8.7
Warning: Unusual for residential — open services on a home connection may indicate self-hosting, compromise, or misconfigured networking equipment.

TLS Certificate

No certificate
Issued by: —
SANs: None
Valid From: —
Valid Until: —

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
25%
24
routing
8%
11
services
15%
22
ownership
24%
23
reputation
26%
13
geolocation
19%
22
Overall19%1015
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

Observation Timeline

First Seen: 2026-05-22 13:35:41 UTC
Last Seen: 2026-06-26 21:06:49 UTC
Profile Built: 2026-06-27 17:36:16 UTC
Data Freshness: Live
Signal Types: 20
Total Observations: 49

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.