# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 216.151.137.226/32
Classification: MODERATE RISK
Date: 2026-06-24
---
## EXECUTIVE SUMMARY
IP address 216.151.137.226 is assigned to Cisco Webex LLC (ASN 13445) with a risk score of 40. The IP is located in New York, US, and is classified as "Firewalled / No Services" with no active open ports. Despite enterprise infrastructure ownership, the IP appears in a subnet showing elevated abuse density (216.151.137.0/24), with 51 medium-risk and 49 low-risk neighboring IPs. No direct threat indicators, blacklists, or known campaigns were observed.
---
## OWNERSHIP & INFRASTRUCTURE
| Field | Value |
|---|---|
| **ASN** | 13445 |
| **Organization** | Cisco Webex LLC |
| **Location** | New York, US (US-NY) |
| **BGP Prefix** | 216.151.128.0/20 |
| **DNSSEC** | Valid |
| **CAA Records** | Present |
The IP resides within the Cisco Webex infrastructure BGP prefix 216.151.128.0/20, indicating legitimate enterprise allocation. Control plane data shows origin ASN 13445 with stable routing (isMoas: false).
---
## THREAT ASSESSMENT
Current Risk Score: 40 (Moderate)
Operator Score: 0.2174 (Minimal)
Threat Indicators:
- Blacklist Count: 0
- DNSBL Listed Count: 0
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
- Active Threat Indicators: None detected
Neighborhood Risk Analysis:
- Subnet: 216.151.137.0/24
- Neighbors Analyzed: 100
- Risk Distribution: 0 High / 51 Medium / 49 Low
- Abuse Density: 0.3008 (Mixed)
- Inherited Risk: 12
The /24 subnet demonstrates moderate abuse activity with significant risk concentration among medium-risk neighbors.
---
## OBSERVATION HISTORY
Total Observations: 49 signals recorded
Recent Signal Activity:
- Certificate Signals: 0 certificates resolved (crt-sh)
- Subnet Analysis: Recent observations show abuse_density 0.3008 with classification "mixed" and 77 threat siblings in the subnet
- Geolocation: Multiple sources confirm US location with 2500km accuracy radius
- Blacklist Activity: High-severity blacklist listing detected in one observation
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistently Malicious: False
---
## NETWORK RELATIONSHIPS
Total Relationships: 264 detected
Primary Relationship Types:
- Same Network (CS-1711): 259+ relationships
The IP maintains extensive network-level relationships within the Cisco Webex infrastructure, primarily through network routing associations (CS-1711 network).
---
## RECOMMENDED ACTIONS
Based on risk profile analysis, the following defensive measures are recommended:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 216.151.137.226 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 216.151.137.226 drop` |
| **nginx** | `deny 216.151.137.226;` |
| **pfSense** | Block 216.151.137.226/32 |
| **Cloudflare WAF** | `ip.src eq 216.151.137.226` (block) |
| **AWS WAF** | 216.151.137.226/32 (block) |
Implementation Notes: These recommendations are probabilistic. Consider combining with additional threat intelligence signals before deployment, particularly given the enterprise infrastructure ownership.
---
## INTELLIGENCE NOTES
- No open services detected on the target IP
- DNS resolution not confirmed (forwardConfirmed: false)
- Email reputation scoring unavailable
- Geographic validation inconclusive due to ICMP blocking
- The subnet's elevated abuse density suggests broader infrastructure compromise risk despite legitimate ownership
Analyst Recommendation: Monitor subnet-level activity. While individual IP shows no direct threats, the neighborhood risk profile warrants ongoing observation for lateral movement or infrastructure abuse patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Cisco Webex LLC |
| ASN | AS13445 |
| Network Name | - |
| CIDR Block | 216.151.128.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 40% | 2 | 3 |
| services | 17% | 2 | 3 |
| ownership | 28% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 28% | 2 | 3 |
| Overall | 28% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:05:09 UTC |
| Last Seen | 2026-06-26 18:12:06 UTC |
| Profile Built | 2026-06-27 01:21:13 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 53 |