IPDebrief

199.45.154.117

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF THREAT INTELLIGENCE BRIEFING

Target: 199.45.154.117/32

Classification: Moderate Risk (Score: 40)

Date: Current Assessment

Status: Active Threat Indicator

---

## EXECUTIVE SUMMARY

IP address 199.45.154.117 is classified as a Moderate Risk infrastructure endpoint owned by Censys, Inc. (ASN 398722) in New York, US. The address belongs to a scanning infrastructure network that has been flagged across multiple threat intelligence feeds and is currently listed on two DNS blacklists. While not actively malicious, the subnet demonstrates elevated abuse density consistent with automated scanning operations.

---

## NETWORK OWNERSHIP & ATTRIBUTION

FieldValue
**Organization**Censys, Inc.
**ASN**398722
**CIDR Block**199.45.154.0/24
**Geolocation**New York, US
**RIR**ARIN
**Abuse Contact**Available via RDAP

Infrastructure Classification: Firewalled / No Services (ports closed, no active listening services detected)

---

## THREAT INDICATORS

Recent Observations: 25 historical signals collected, with the most recent activity recorded on 2026-06-25. Multiple threat pulses were detected via AlienVault-OTX and associated reputation feeds.

---

## NETWORK BEHAVIOR & TRAFFIC PROFILE

DNS Resolution:

Control Plane:

---

## SUBNET CONTEXT (199.45.154.0/24)

Neighborhood Analysis:

Notable Neighbor IPs:

The /24 subnet demonstrates consistent medium-to-high risk profiles across multiple endpoints, indicating coordinated infrastructure activity.

---

## RELATIONSHIP MAPPING

53 Identified Relationships:

---

## SOC ACTIONS RECOMMENDATION

Risk Level: Monitor / Investigate

Recommended Actions:

1. Allow with Monitoring: The IP is associated with Censys scanning infrastructure. Legitimate use of this IP by security research operations is expected.

2. Review Inbound Traffic: If this IP appears in inbound connection logs, verify source legitimacy before blocking.

3. Block Outbound to Internal: If this IP is observed initiating connections to internal assets, implement outbound firewall rules unless business justification exists.

4. Monitor Subnet: Given the high abuse density of the /24 subnet, monitor for patterns of reconnaissance activity.

5. Update Allow Lists: Consider whitelisting this IP at the gateway level if known to be used by authorized security research tools.

Firewall Rule Considerations:

---

## INTELLIGENCE CONCLUSION

This IP represents Censys scanning infrastructure operating from New York. The moderate risk rating reflects the presence of automated scanning activity within the broader Censys network. While not malicious, the subnet's high abuse density warrants ongoing monitoring. No immediate threat mitigation required unless this IP is observed targeting internal assets.

Confidence Level: High

Data Sources: 53 relationships, 25 historical observations, 47 neighborhood peers

Last Updated: Current cycle

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionUS-NY
CityNew York
Timezoneβ€”
Latitude37.75
Longitude-97.82

🏒 Ownership & Registration

OrganizationCensys, Inc.
ASNAS398722
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR117.154.45.199.censys-scanner.com
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnames117.154.45.199.censys-scanner.com

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFNot configured
DMARCNot configured
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureUnknown
Service PurposeFirewalled / No Services
Network TierUnknown β€” Insufficient routing data to classify
No specific classification

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
20%
23
routing
8%
11
services
8%
11
ownership
20%
23
reputation
19%
13
geolocation
27%
23
Overall17%914
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-08 17:17:53 UTC
Last Seen2026-06-26 18:11:02 UTC
Profile Built2026-06-25 09:12:23 UTC
Data FreshnessLive
Signal Types22
Total Observations22
πŸ” 22 signal types Β· 22 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.