# IP Intelligence Briefing: 216.151.137.28/32
Classification: Moderate Risk | Risk Score: 40 | Date: 2026-06-20
---
## Executive Summary
IP address 216.151.137.28 is a Cisco Webex LLC infrastructure IP located in New York, US, operating within the 216.151.128.0/19 BGP prefix. The IP presents moderate risk (score 40) with a classification of "high_abuse" in its /24 neighborhood, which contains 97 active sibling IPs. No malicious threat indicators were detected on this specific address, but the neighborhood context warrants monitoring.
---
## Infrastructure Profile
Ownership & Control:
- Organization: Cisco Webex LLC
- ASN: 13445
- BGP Prefix: 216.151.128.0/19
- RIR: ARIN
- Registration: Route stability flagged as false
Geolocation:
- Country: United States
- Region: New York (US-NY)
- Coordinates: 4104.7 km validation distance
- Status: Geo validation incomplete (ICMP blocked)
Network Role:
- Classification: Firewalled / No Services
- Open Ports: None detected
- CDN/Proxy/VPN: Negative
- Tor Exit Node: No
- DNSBL Listed: 1 of 8 total lists
---
## Threat Assessment
Observed Threat Indicators:
- Threat Reputation: No known attacker status
- Spam Source: Negative
- Known Campaigns: None detected
- Certificate Matches: 0
- Banner Matches: 0
Control Plane Analysis:
- Operator Score: 0.1304 (Minimal)
- DNSSEC Valid: Yes
- Route Changes (30d): 0
- MoAS Status: No
---
## Neighborhood Analysis
Subnet Context: 216.151.137.28/24
- Total Siblings: 256
- Active Siblings: 97
- Abuse Density: 1 (High Abuse Classification)
- Risk Distribution: 100 medium-risk IPs, 0 high-risk, 0 low-risk
- Authority Score (Average): 50
Implication: The /24 subnet exhibits elevated abuse density with consistent medium-risk classification across neighbors. This suggests infrastructure-level activity rather than isolated malicious behavior.
---
## Observation History
Signal Count: 43 total observations
Latest Activity: 2026-06-20 (multiple timestamps)
Temporal Analysis:
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Ownership Changes: 0
- Is Persistently Malicious: No
Recent Signal Trends:
- Operator score consistently measured at 0.1304
- DNSSEC signals present with minimal classification
- No escalation in threat signals observed
---
## Relationship Graph
Total Relationships: 125
Primary Relationship Types:
- Same Network (CS-1711): 125+ instances
The relationship graph indicates strong network-level associations with CS-1711 network designation, suggesting this IP is part of a larger organizational infrastructure cluster.
---
## Recommended Actions
Firewall Rules Generated:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 216.151.137.28 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 216.151.137.28 drop` |
| nginx | `deny 216.151.137.28;` |
| pfSense | `216.151.137.28/32` |
| Cloudflare WAF | Block with expression `ip.src eq 216.151.137.28` |
| AWS WAF | Block address `216.151.137.28/32` |
---
## Intelligence Narrative
The IP address 216.151.137.28 represents Cisco Webex LLC infrastructure in New York with a moderate risk profile. While the specific IP shows no direct malicious indicators, its placement in a high-abuse density subnet (216.151.137.0/24) suggests potential for opportunistic abuse or compromised endpoints within the network. The infrastructure is firewalled with no open services, indicating legitimate hosting or corporate use.
Recommendation: Implement monitoring rather than aggressive blocking. The neighborhood context (high_abuse classification, 97 active siblings) suggests network-wide activity patterns. Consider subnet-level policy if false positives are not a concern. Monitor for any escalation in threat signals or emergence of malicious indicators on this or related addresses in the 216.151.137.0/24 range.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Cisco Webex LLC |
| ASN | AS13445 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 20% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 24% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:05:07 UTC |
| Last Seen | 2026-06-26 18:12:05 UTC |
| Profile Built | 2026-06-27 01:43:05 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 44 |