# IP Intelligence Briefing: 2.55.88.152
## Executive Summary
IP address 2.55.88.152 exhibits moderate risk characteristics with an overall risk score of 55/100. The IP is associated with ASN 12400 (Abuse ISP Partner) and geolocates to Tel Aviv, Israel. Current network classification indicates firewalled infrastructure with no active services.
## Risk Assessment
The IP maintains a moderate risk profile with a provider score of 0 and authority score of 0. DNSBL analysis reveals 3 listings across 8 total blacklist databases, with maximum severity rated as high. The operator score of 0.1304 indicates minimal operator-level threat activity. Route stability is false, suggesting potential infrastructure changes or instability.
## Geolocation and Ownership
- Country: Israel (IL)
- Region/City: Tel Aviv
- ASN: 12400 (Abuse ISP Partner)
- RIR: RIPE
- PTR Hostname: 31-154-88-152.orange.net.il
- BGP Prefix: 2.55.64.0/19
The reverse DNS resolution points to orange.net.il infrastructure, indicating association with Orange Israel telecommunications.
## Threat Indicators
No active threat indicators were observed:
- Not a Tor exit node
- Not classified as a known attacker
- Not a spam source
- No known campaign associations
- No active threat feeds
However, the IP maintains 3 DNSBL listings, suggesting prior abusive behavior detected by reputation services.
## Network Behavior
Services analysis shows no open ports or TLS certificates. The IP is classified as firewalled with no services exposed. Behavioral analysis indicates zero honeypot hits and zero enumeration strikes.
## Subnet Analysis
The /24 subnet (2.55.88.0/24) demonstrates elevated abuse density with a score of 1.0. Neighborhood reconnaissance identified one neighboring IP (2.55.88.51) with a risk score of 80, indicating potential abuse activity within the immediate subnet. The subnet classification is marked as "mostly_clean" with one threat sibling detected.
## Historical Observations
Analysis of 19 signal observations reveals consistent geolocation to Israel since at least June 18, 2026. Recent observations include DNS blacklist listings with high severity ratings. The IP shows no persistent malicious behavior pattern, with threat observation count at zero.
## Related Entities
Relationship mapping identified associations with PARTNERCOM-CELLULAR-NETS networks and orange.net.il hostnames. Multiple DNS associations were recorded, though some returned communication timeout errors.
## Recommended Actions
### Immediate Mitigation
- Increase logging verbosity for traffic from this IP to monitor for suspicious activity patterns
- Consider blocking based on risk profile (Risk Score: 55/100)
### Firewall Rules
```
# iptables
iptables -A INPUT -s 2.55.88.152 -j DROP
# nftables
nft add rule inet filter input ip saddr 2.55.88.152 drop
# nginx
deny 2.55.88.152;
# Cloudflare WAF: Block IP 2.55.88.152
# AWS WAF: Add 2.55.88.152/32 to deny list
```
## Analyst Notes
The IP presents moderate risk with multiple blacklist entries and a neighboring IP showing elevated risk (80/100). While no active malicious indicators are currently present, the subnet abuse density suggests potential for coordinated activity. SOC teams should monitor the subnet 2.55.88.0/24 for related malicious activity and consider blocking the IP if the organization does not maintain communication with Orange Israel infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Abuse ISP Partner |
| ASN | AS12400 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 31-154-88-152.orange.net.il |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 31-154-88-152.orange.net.il |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 18% | 9 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:07 UTC |
| Last Seen | 2026-06-23 04:44:11 UTC |
| Profile Built | 2026-06-23 04:50:38 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 20 |