199.45.154.117📋 Copy

# IPDEBRIEF THREAT INTELLIGENCE BRIEFING

Target: 199.45.154.117/32

Classification: Moderate Risk (Score: 40)

Date: Current Assessment

Status: Active Threat Indicator

---

## EXECUTIVE SUMMARY

IP address 199.45.154.117 is classified as a Moderate Risk infrastructure endpoint owned by Censys, Inc. (ASN 398722) in New York, US. The address belongs to a scanning infrastructure network that has been flagged across multiple threat intelligence feeds and is currently listed on two DNS blacklists. While not actively malicious, the subnet demonstrates elevated abuse density consistent with automated scanning operations.

---

## NETWORK OWNERSHIP & ATTRIBUTION

Infrastructure Classification: Firewalled / No Services (ports closed, no active listening services detected)

---

## THREAT INDICATORS

• Risk Score: 40/100 (Moderate)
• DNSBL Listings: 2 of 8 total lists
• Known Attacks: No confirmed active attacker status
• Tor Exit Node: No
• Spam Source: No
• Pulsedive Risk: Not evaluated

Recent Observations: 25 historical signals collected, with the most recent activity recorded on 2026-06-25. Multiple threat pulses were detected via AlienVault-OTX and associated reputation feeds.

---

## NETWORK BEHAVIOR & TRAFFIC PROFILE

DNS Resolution:

• PTR: 117.154.45.199.censys-scanner.com
• Forward Resolution: 117.45.199.117.censys-scanner.com
• Domain Authority: censys-scanner.com

Control Plane:

• Route Stability: Unstable (route changes detected)
• DNSSEC: Valid
• BGP Prefix: 199.45.154.0/24

---

## SUBNET CONTEXT (199.45.154.0/24)

Neighborhood Analysis:

• Total Sibling IPs: 48
• Abuse Density: 0.7083 (High Abuse Classification)
• Risk Distribution: 46 Medium Risk, 0 High Risk, 1 Low Risk
• Threat Siblings: 34

Notable Neighbor IPs:

• 199.45.154.112: Risk 40, Authority 60
• 199.45.154.113: Risk 40, Authority 60
• 199.45.154.114: Risk 65, Authority 60
• 199.45.154.115: Risk 40, Authority 60
• 199.45.154.116: Risk 65, Authority 60

The /24 subnet demonstrates consistent medium-to-high risk profiles across multiple endpoints, indicating coordinated infrastructure activity.

---

## RELATIONSHIP MAPPING

53 Identified Relationships:

• DNS Associations: 117.154.45.199.censys-scanner.com (multiple entries)
• Network Associations: CENSY (multiple entries)
• Campaign Correlations: 0 certified matches
• Certificate Matches: 0

---

## SOC ACTIONS RECOMMENDATION

Risk Level: Monitor / Investigate

Recommended Actions:

1. Allow with Monitoring: The IP is associated with Censys scanning infrastructure. Legitimate use of this IP by security research operations is expected.

2. Review Inbound Traffic: If this IP appears in inbound connection logs, verify source legitimacy before blocking.

3. Block Outbound to Internal: If this IP is observed initiating connections to internal assets, implement outbound firewall rules unless business justification exists.

4. Monitor Subnet: Given the high abuse density of the /24 subnet, monitor for patterns of reconnaissance activity.

5. Update Allow Lists: Consider whitelisting this IP at the gateway level if known to be used by authorized security research tools.

Firewall Rule Considerations:

• No immediate blocking recommended
• Log all traffic for forensic correlation
• Monitor for port scanning behavior from related subnet addresses

---

## INTELLIGENCE CONCLUSION

This IP represents Censys scanning infrastructure operating from New York. The moderate risk rating reflects the presence of automated scanning activity within the broader Censys network. While not malicious, the subnet's high abuse density warrants ongoing monitoring. No immediate threat mitigation required unless this IP is observed targeting internal assets.

Confidence Level: High

Data Sources: 53 relationships, 25 historical observations, 47 neighborhood peers

Last Updated: Current cycle

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.