# IP Intelligence Briefing: 216.151.138.148
Classification: Moderate Risk Infrastructure IP
Analysis Date: Current
Risk Score: 40/100
## Executive Summary
IP address 216.151.138.148 belongs to Cisco Webex LLC (ASN 13445) and is geolocated to San Jose, California. The IP presents moderate risk (score 40) with no open services detected. While the immediate threat profile shows limited malicious activity, neighborhood analysis indicates mixed risk distribution within the /24 subnet.
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | Cisco Webex LLC |
| **ASN** | AS13445 |
| **BGP Prefix** | 216.151.128.0/20 |
| **Geolocation** | San Jose, CA, US |
| **Network Role** | Firewalled / No Services |
| **DNS Status** | Forward resolution failed |
| **Route Stability** | Stable (no changes in 30 days) |
## Threat Indicators
- Current Risk Score: 40 (Moderate)
- Known Campaigns: None identified
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Status: Listed on 1 DNSBL (of 8 total checks)
- Abuse Confidence: Not quantified in current profile
## Neighborhood Analysis
Subnet: 216.151.138.148/24
| Metric | Value |
|---|---|
| **Total Siblings** | 256 |
| **Active Siblings** | 161 |
| **Threat Siblings** | 256 |
| **Abuse Density** | 0.0 (Profile) / High Abuse Classification |
| **Risk Distribution** | High: 0, Medium: 73, Low: 27 |

Key Observation: The subnet shows heterogeneous risk distribution with 73 medium-risk IPs and 27 low-risk IPs, despite the target IP scoring 40. This suggests the risk is isolated to specific addresses rather than subnet-wide.
## Observation History
Total Observations: 57
Recent signals indicate:
- Subnet Classification: Mostly Clean (abuse density 0.168)
- ASN Confirmation: Cisco Webex LLC, US (ARIN)
- Threat Pulses: 50 pulses detected in AlienVault OTX feeds
- DNSBL Status: Listed on 8 total lists (0 currently listed - potential data lag)
## Relationship Graph
Total Relationships: 173
- Primary Type: Same Network (CS-1711 - 168+ entries)
- External Organization/Hostname Links: None identified
- Certificate Associations: None detected
## Recommended Security Actions
Despite moderate risk scoring, automated recommendations suggest blocking due to DNSBL presence and neighborhood risk factors.
Recommended Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 216.151.138.148 -j DROP
# nftables
nft add rule inet filter input ip saddr 216.151.138.148 drop
# nginx
deny 216.151.138.148;
# pfSense
216.151.138.148/32
# Cloudflare WAF
ip.src eq 216.151.138.148 → Block
# AWS WAF
Addresses: [216.151.138.148/32]
```
## Analyst Recommendations
1. Monitor, Don't Block Immediately: The IP shows moderate risk (40) with no active attack indicators. The Cisco Webex association suggests legitimate infrastructure.
2. Review DNSBL Listings: Investigate the 1 DNSBL listing to determine if it affects legitimate Webex traffic or represents a false positive.
3. Subnet Context: The /24 subnet shows mixed risk (73 medium, 27 low). Evaluate traffic patterns from related IPs in the 216.151.138.0/24 range.
4. Behavioral Monitoring: No honeypot hits, enumeration strikes, or WAF violations observed. Establish baseline traffic patterns for this ASN.
5. Historical Trend: 57 observations with stable ownership (0 changes). Threat persistence days: 0. No indication of escalating risk.

Final Assessment: Monitor for 7-14 days. Block only if traffic patterns indicate abuse or if DNSBL listing is confirmed as malicious. The IP appears to be legitimate Cisco infrastructure with elevated risk scoring due to neighborhood proximity to other flagged addresses.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Cisco Webex LLC |
| ASN | AS13445 |
| Network Name | - |
| CIDR Block | 216.151.128.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 25% | 2 | 3 |
| services | 20% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 25% | 12 | 20 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:05:10 UTC |
| Last Seen | 2026-06-26 18:12:07 UTC |
| Profile Built | 2026-06-27 01:56:50 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 55 |