2.55.88.152

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 2.55.88.152

## Executive Summary

IP address 2.55.88.152 exhibits moderate risk characteristics with an overall risk score of 55/100. The IP is associated with ASN 12400 (Abuse ISP Partner) and geolocates to Tel Aviv, Israel. Current network classification indicates firewalled infrastructure with no active services.

## Risk Assessment

The IP maintains a moderate risk profile with a provider score of 0 and authority score of 0. DNSBL analysis reveals 3 listings across 8 total blacklist databases, with maximum severity rated as high. The operator score of 0.1304 indicates minimal operator-level threat activity. Route stability is false, suggesting potential infrastructure changes or instability.

## Geolocation and Ownership

Country: Israel (IL)
Region/City: Tel Aviv
ASN: 12400 (Abuse ISP Partner)
RIR: RIPE
PTR Hostname: 31-154-88-152.orange.net.il
BGP Prefix: 2.55.64.0/19

The reverse DNS resolution points to orange.net.il infrastructure, indicating association with Orange Israel telecommunications.

## Threat Indicators

No active threat indicators were observed:

Not a Tor exit node
Not classified as a known attacker
Not a spam source
No known campaign associations
No active threat feeds

However, the IP maintains 3 DNSBL listings, suggesting prior abusive behavior detected by reputation services.

## Network Behavior

Services analysis shows no open ports or TLS certificates. The IP is classified as firewalled with no services exposed. Behavioral analysis indicates zero honeypot hits and zero enumeration strikes.

## Subnet Analysis

The /24 subnet (2.55.88.0/24) demonstrates elevated abuse density with a score of 1.0. Neighborhood reconnaissance identified one neighboring IP (2.55.88.51) with a risk score of 80, indicating potential abuse activity within the immediate subnet. The subnet classification is marked as "mostly_clean" with one threat sibling detected.

## Historical Observations

Analysis of 19 signal observations reveals consistent geolocation to Israel since at least June 18, 2026. Recent observations include DNS blacklist listings with high severity ratings. The IP shows no persistent malicious behavior pattern, with threat observation count at zero.

## Related Entities

Relationship mapping identified associations with PARTNERCOM-CELLULAR-NETS networks and orange.net.il hostnames. Multiple DNS associations were recorded, though some returned communication timeout errors.

## Recommended Actions

Immediate Mitigation

Increase logging verbosity for traffic from this IP to monitor for suspicious activity patterns
Consider blocking based on risk profile (Risk Score: 55/100)

Firewall Rules

```

iptables: iptables -A INPUT -s 2.55.88.152 -j DROP

nftables: nft add rule inet filter input ip saddr 2.55.88.152 drop

nginx: deny 2.55.88.152;

Cloudflare WAF: Block IP 2.55.88.152

AWS WAF: Add 2.55.88.152/32 to deny list

```

## Analyst Notes

The IP presents moderate risk with multiple blacklist entries and a neighboring IP showing elevated risk (80/100). While no active malicious indicators are currently present, the subnet abuse density suggests potential for coordinated activity. SOC teams should monitor the subnet 2.55.88.0/24 for related malicious activity and consider blocking the IP if the organization does not maintain communication with Orange Israel infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇱 Israel
Region	Tel Aviv
City	Tel Aviv
Timezone	Asia/Jerusalem
Latitude	31.05
Longitude	34.85

🏢 Ownership & Registration

Organization	Abuse ISP Partner
ASN	AS12400
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	31-154-88-152.orange.net.il
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`31-154-88-152.orange.net.il`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	21%	2	2
routing	13%	1	1
services	11%	1	2
ownership	24%	2	3
reputation	15%	1	2
geolocation	21%	2	2
Overall	18%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:07 UTC
Last Seen	2026-06-23 04:44:11 UTC
Profile Built	2026-06-23 04:50:38 UTC
Data Freshness	Live
Signal Types	17
Total Observations	20

🔍 17 signal types · 20 observations collected

This report is generated from 17+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

2.55.88.152📋 Copy