185.153.231.45

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 185.153.231.45/32

Date: 2026-06-23

Classification: Moderate Risk

Analyst: IPDebrief Intelligence Team

## Executive Summary

IP address 185.153.231.45 is classified as a Moderate Risk (risk score: 50) originating from Turkey (TR). The address belongs to ASN 60721 (Furkan Sahin) and operates as a single-service host with SSH exposure. The IP has been observed with DNSBL listings totaling 8 lists, with 2 active listings. Neighborhood analysis indicates a low-abuse-density subnet (0.5 abuse density) with one lower-risk sibling IP (185.153.231.44, risk score 25).

## Technical Profile

Attribute	Value
Risk Score	50 (Moderate Risk)
ASN	60721
Organization	Furkan Sahin
Country	Turkey (TR)
Geolocation	41.02°N, 28.99°E (Europe/Istanbul)
Network Role	Single-Service Host
Open Ports	TCP/22 (SSH)
PTR Hostname	45231.rdns.sahinnet.name.tr
DNSBL Listed	2 of 8 lists

## Threat Indicators

DNSBL Status: Listed on 2 of 8 threat feeds
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Association: None identified
Threat Persistence: No (0 threat observation days)

## Network Context

Subnet Analysis (185.153.231.0/24)

Abuse Density: 0.5 (mostly_clean classification)
Active Siblings: 2
Threat Siblings: 1
Inherited Risk Score: 2

Neighbor IP Assessment

185.153.231.44: Risk score 25, Authority score 50
Risk Distribution: 1 low-risk, 0 medium-risk, 0 high-risk

## Observed Network Relationships

The IP has 37 relationship entries, predominantly "Same Network" associations linked to:

SAHINNETWORK-INTERNET-BILISIM-HIZMETLERI
SAHINNETWORK-INTERNET-BILISIM-HIZMETLERI-LIMITED-SIRKETI

## Historical Signal Timeline

Observations: 21 total signals recorded

Recent Activity (2026-06-23):

DNSBL listings observed with high severity (8 total lists, 1 active listing)
Control plane operator score: 0.1304 (minimal)
Route stability: Unstable (isRouteStable: false)

Subnet Signals (2026-06-17):

Abuse density: 0.5
Classification: mostly_clean
Inherited risk: 2

## Recommended Security Actions

Immediate Mitigation (Block Recommendation)

Based on the risk profile, the following firewall rules are recommended:

```bash

# iptables

iptables -A INPUT -s 185.153.231.45 -j DROP

# nftables

nft add rule inet filter input ip saddr 185.153.231.45 drop

# nginx

deny 185.153.231.45;

# pfSense

185.153.231.45/32

# Cloudflare WAF

{"description":"Block 185.153.231.45 — IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 185.153.231.45"}}

# AWS WAF

{"Addresses":["185.153.231.45/32"],"Description":"IPDebrief risk 50"}

```

## Risk Assessment Summary

The IP 185.153.231.45 presents a moderate risk profile suitable for defensive blocking. While the subnet shows low abuse density and the IP is not associated with known campaigns or persistent malicious activity, the presence of DNSBL listings and SSH exposure warrants restrictive firewall treatment. The neighborhood analysis supports a conservative approach, with the only sibling IP showing minimal risk (score 25).

Recommendation: Implement blocking rules at perimeter firewalls and WAF appliances. Monitor for any escalation in threat indicators or neighborhood activity patterns.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇹🇷 Turkey
Region	Bursa Province
City	Bursa
Timezone	Europe/Istanbul
Latitude	41.02
Longitude	28.99

🏢 Ownership & Registration

Organization	Furkan Sahin
ASN	AS60721
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	45231.rdns.sahinnet.name.tr
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`45231.rdns.sahinnet.name.tr`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	3
routing	13%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	17%	1	2
geolocation	13%	1	1
Overall	20%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:00 UTC
Last Seen	2026-06-26 18:10:54 UTC
Profile Built	2026-06-23 00:44:36 UTC
Data Freshness	Live
Signal Types	19
Total Observations	21

🔍 19 signal types · 21 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

185.153.231.45📋 Copy