IP INTELLIGENCE BRIEFING: 216.151.130.123
CLASSIFICATION: Moderate Risk / Investigative Interest
TIMESTAMP: Intelligence compiled from IPDebrief platform
---
EXECUTIVE SUMMARY
IP address 216.151.130.123 is assigned to Cisco Webex LLC (ASN 13445) and geolocated to San Jose, California. Despite corporate ownership, recent threat intelligence indicates this IP has been flagged on 8 blacklists with high severity and operates within a subnet showing high abuse density (173 active sibling IPs). The IP is currently firewalled with no active services detected, but neighborhood context and blacklist presence warrant defensive monitoring and blocking.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Cisco Webex LLC
- ASN: 13445
- Network: 216.151.130.0/24
- Geolocation: San Jose, CA, US (accuracy radius: 2500km)
- Network Role: Firewalled / No Services
- Registration: ARIN
---
RISK PROFILE
- Current Risk Score: 40/100 (Moderate Risk)
- Provider Score: 0
- Authority Score: 0
- Abuse Confidence Score: Not Available
- Threat Classification: Not a known attacker, spam source, or Tor exit node
---
THREAT INDICATORS
- Blacklist Count: 8 active listings (observed June 24, 2026)
- Maximum Severity: High
- Known Campaigns: None identified
- Threat Feeds: None populated
- DNSBL Listings: 0 (local DNSBL check)
---
NETWORK BEHAVIOR
- Open Ports: None detected
- TLS Certificates: None
- HTTP Services: None
- PTR Record: None
- Forward Resolution: Unconfirmed
- Status: Service purpose classified as "Firewalled / No Services"
---
NEIGHBORHOOD CONTEXT
- Subnet: 216.151.130.0/24
- Abuse Density: 1 (High Abuse Classification)
- Total Siblings: 256
- Active Siblings: 173
- Threat Siblings: 256
- Risk Distribution: 0 High, 16 Medium, 84 Low risk neighbors
*Note: Subnet-level abuse density indicates systemic risk within the /24 block. Correlated infrastructure may require network-wide review.*
---
OBSERVATION HISTORY
45 observations recorded over the monitoring period. Recent activity includes:
- June 24, 2026 18:33 UTC: Listed on 8 blacklists with high severity (confidence: 0.85)
- June 24, 2026 17:57 UTC: Minimal operator score (0/8)
- Multiple timeframes: Consistent low operator scores (0)
---
RELATED ENTITIES
161 relationships identified, primarily network-level associations to "CS-1711" network designation. No hostname, organizational, or certificate-level relationships detected.
---
RECOMMENDED ACTIONS
Based on risk assessment and neighborhood context, the following defensive measures are recommended:
Firewall Rules:
- iptables: `iptables -A INPUT -s 216.151.130.123 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 216.151.130.123 drop`
- nginx: `deny 216.151.130.123;`
- pfSense: `216.151.130.123/32`
WAF Rules:
- Cloudflare WAF: Block with description "IPDebrief risk score 40"
- AWS WAF: CIDR block 216.151.130.123/32
SOC Actions:
1. Block at perimeter firewall and WAF
2. Monitor subnet 216.151.130.0/24 for additional malicious activity
3. Verify if legitimate Cisco Webex traffic requires exception
4. Review logs for any prior connections from this IP
---
RISK ASSESSMENT
While the IP is legitimately assigned to Cisco Webex LLC infrastructure, the combination of:
- Active blacklist listings (high severity)
- High-abuse density subnet environment
- Recent threat observations
...warrants defensive blocking with continued monitoring. The corporate ownership may indicate legitimate infrastructure that has been compromised or misconfigured, or the IP may have been reassigned within the organization's address space.
FINAL RECOMMENDATION: Block at all security controls; investigate subnet-level activity for potential coordinated threat activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cisco Webex LLC |
| ASN | AS13445 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown: Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | z-a.ctim.cisco.com, xlm130.fr-00artm.g0.extusgov.infra.webex.com, xlm130.fr-00artm.ds.g0.extusgov.infra.webex.com |
| Valid From | 2026-05-21T04:47:40+00:00 |
| Valid Until | 2026-12-06T04:46:40+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 198 days |
| Serial Number | 40019E48DC573BACAE3F217B1AD21534 |
| Thumbprint | 7A0D6A956EA228DCDCF260AABEB8B2647812129C |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 20% | 1 | 1 |
| services | 32% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 28% | 2 | 3 |
| Overall | 26% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:05:13 UTC |
| Last Seen | 2026-06-26 18:12:10 UTC |
| Profile Built | 2026-06-27 07:20:01 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 48 |