THREAT INTELLIGENCE BRIEFING: 147.90.234.118/32
Date: 2026-06-21
Classification: Moderate Risk
Analyst: IPDebrief Intelligence Team
---
EXECUTIVE SUMMARY
IP address 147.90.234.118 was identified as a Tor exit node operating from New York, NY, under Fourplex Telecom LLC (ASN 27284). The IP scored 59/100 on the risk scale, with confirmed Tor exit node classification and one blacklist entry. The subnet demonstrates elevated abuse density at 41.67%, with five threat-sibling IPs identified within the /24 range.
OWNERSHIP AND GEOLOCATION
Ownership attribution confirmed to Fourplex Telecom LLC abuse handling via ASN 27284. Geolocation data indicates New York, NY, US with a 3,750 km accuracy radius. The IP is not classified as cloud, CDN, VPN, proxy, or hosting infrastructure.
THREAT INDICATORS
- Tor Exit Node Classification: Confirmed active Tor exit node
- Blacklist Status: Listed on 1 blacklist source
- DNSBL Presence: Listed on 2 of 8 DNSBL checks
- Known Campaigns: None associated
- Attack Confidence: Not flagged as known attacker or spam source
NETWORK BEHAVIOR
Open port analysis revealed an SSH service on port 22 with banner: "SSH-2.0-OpenSSH_8.7". No HTTP/HTTPS services were detected. Forward-confirmed reverse DNS (FCrDNS) verification failed. The IP operates as a single-service host with no hosted domains or email authentication records.
NEIGHBORHOOD ANALYSIS
The /24 subnet (147.90.234.0/24) contains 12 sibling IPs with the following distribution:
- High Risk: 0
- Medium Risk: 10
- Low Risk: 1
Notable threat siblings include:
- 147.90.234.159 (Risk: 66)
- 147.90.234.214 (Risk: 66)
- 147.90.234.30, .34, .63, .88, .115, .116, .117, .213 (Risk: 59)
Subnet abuse density of 41.67% indicates mixed-risk infrastructure with significant malicious activity concentration.
OBSERVATION HISTORY
Forty-seven signal observations recorded across multiple time periods. Recent operator scores consistently measured at 0.1304 (Minimal). No persistent malicious behavior pattern detected. Threat observation count remains at 1, with zero threat persistence days.
CONTROL PLANE
BGP prefix: 147.90.234.0/23
Origin ASN: 27284
Route stability: False (route changes detected in 30-day window)
DNSSEC: Valid
RPKI State: Not evaluated
IRR Consistency: Not evaluated
RECOMMENDED ACTIONS
Access Control
- Implement enhanced verification for anonymous traffic from Tor networks
- Consider blocking or rate-limiting traffic from confirmed Tor exit nodes
Monitoring
- Increase logging verbosity for all traffic from this IP
- Review recent activity patterns for suspicious behavior
- Monitor for correlation with known malicious campaigns
Firewall Implementation
The following rules are recommended for immediate deployment:
```bash
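# iptables (-A appends to the chain; use -I INPUT 1 instead if an earlier ACCEPT rule would match first)
iptables -A INPUT -s 147.90.234.118 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 147.90.234.118 drop
# nginx (directive for an http, server, or location block)
deny 147.90.234.118;
# pfSense (firewall alias entry)
147.90.234.118/32
# Cloudflare WAF (rule definition, JSON)
{"description":"Block 147.90.234.118 - IPDebrief risk score 59","action":"block","filter":{"expression":"ip.src eq 147.90.234.118"}}
# AWS WAF (IP set definition, JSON)
{"Addresses":["147.90.234.118/32"],"Description":"IPDebrief risk 59"}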
```
SOC RECOMMENDATIONS
1. Block or isolate traffic from 147.90.234.118 pending further investigation
2. Monitor the 147.90.234.0/24 subnet for additional threat activity
3. Correlate with internal logs for any suspicious connections
4. Consider blocking all known Tor exit nodes from the subnet
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Fourplex Telecom LLC abuse handling |
| ASN | AS27284 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Residential |
| Service Purpose | Single-Service Host |
| Network Tier | End-User - Residential ISP endpoint |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:41 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 17:36:16 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 49 |