155.248.164.42

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 155.248.164.42/32

Classification: Moderate Risk | Status: Active Cloud Infrastructure | Date: 2026-06-22

## Executive Summary

IP 155.248.164.42 is a moderate-risk (score 40/100) address assigned to Oracle Public Cloud (ASN 31898). The IP is part of Oracle Cloud compute infrastructure with minimal operator-level risk indicators. While the IP shows no persistent malicious behavior, it has been flagged on one DNS blacklist, warranting monitoring.

## Technical Profile

Ownership & Network:

ASN: 31898 (Oracle Public Cloud)
BGP Prefix: 155.248.160.0/19
RIR: ARIN
Infrastructure Type: Cloud Compute (single-service host)
Network Classification: Cloud infrastructure, hosting provider

Geolocation:

Country: United States (US)
Region: Chiba, Inzai
Geo Validation: Plausible (ICMP blocked during validation)
Distance: 9,216.9km from validation point

Network Services:

Port 22/TCP: SSH (OpenSSH 8.0)
No HTTP/TLS services detected
No reverse DNS resolution
Zero hosted domains

DNS & Reputation:

DNSBL Listed: 1/8 lists
Operator Score: 0.1304 (Minimal)
No known campaigns or threat feed associations
Not a Tor exit node or known attacker

## Threat Assessment

Risk Indicators:

Risk Score: 40 (Moderate)
Abuse Confidence: No specific confidence score
No active threat indicators in feed data
No correlation to known malware campaigns

Historical Analysis:

19 observations recorded across the assessment period
Recent DNSBL activity observed (up to 2 listings with high severity on 2026-06-18)
Max severity listed as "medium" to "high" on recent observations
No persistent malicious activity detected
Route stability: Unstable (isRouteStable: false)

## Neighborhood Analysis

Subnet: 155.248.164.42/24

Abuse Density: 0 (clean)
Total Siblings: 1 (active)
Threat Siblings: 0
Classification: Clean subnet

Network Relationships:

25 relationships identified, all mapped to Oracle Cloud network (OC-260)
No external organizational or certificate relationships detected

## Recommended Actions

Immediate Mitigation:

No specific action required given cloud provider context
Monitoring recommended due to DNSBL listing

Firewall Rules (if blocking warranted):

iptables: `iptables -A INPUT -s 155.248.164.42 -j DROP`
nftables: `nft add rule inet filter input ip saddr 155.248.164.42 drop`
pfSense: `155.248.164.42/32`
Cloudflare WAF: Block with expression `ip.src eq 155.248.164.42`
AWS WAF: Add address 155.248.164.42/32

## Analyst Notes

This IP represents legitimate Oracle Cloud infrastructure with a moderate risk score. The single DNSBL listing requires context before blocking. As cloud compute infrastructure, the IP may be legitimately used for various services including SSH access. No immediate threat indicators suggest this IP is actively malicious. Continue monitoring for changes in risk profile or additional blacklist associations.

Recommendation: Monitor rather than block. If additional threat indicators emerge or the IP shows increased malicious activity, reassess with enhanced filtering.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	Chiba
City	Inzai
Timezone	—
Latitude	35.82
Longitude	140.12

🏢 Ownership & Registration

Organization	Oracle Public Cloud
ASN	AS31898
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.0
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.0

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	8%	1	1
services	12%	2	2
ownership	20%	2	3
reputation	15%	1	2
geolocation	27%	2	3
Overall	19%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:48 UTC
Last Seen	2026-06-27 00:35:39 UTC
Profile Built	2026-06-27 20:48:28 UTC
Data Freshness	Live
Signal Types	18
Total Observations	25

🔍 18 signal types · 25 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

155.248.164.42📋 Copy