216.151.138.17

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 216.151.138.17

## Executive Summary

The target IP 216.151.138.17 is a Cisco Webex LLC infrastructure address located in San Jose, California. Current risk assessment indicates moderate risk (score: 40) with no active threat indicators. The subnet demonstrates elevated abuse density requiring monitoring.

## Ownership and Infrastructure

Organization: Cisco Webex LLC (ASN: 13445)
Network: 216.151.128.0/20 (origin BGP prefix)
Location: San Jose, CA, US
Services: Firewalled / No Services Detected
Open Ports: None identified

## Risk Profile

Risk Score: 40 (Moderate Risk)
Abuse Confidence: Not applicable (no active indicators)
Blacklist Status: Listed on 2 of 8 DNSBLs
Known Attacker: No
Tor Exit Node: No
Campaign Affiliation: None identified

## Network Context

The /24 subnet (216.151.138.0/24) shows elevated abuse density with 256 total siblings and 151 active. Neighbor risk distribution indicates 100 medium-risk addresses. This suggests the subnet is a legitimate Cisco Webex infrastructure block with normal operational variance.

## Historical Signals

Forty-two observations collected since early June 2026. Recent signal patterns show consistent "Minimal" operator scoring (0.0) across multiple time windows. No escalation in threat activity detected.

## Threat Indicators

No active threat indicators present:

Zero honeypot hits
Zero enumeration strikes
Zero WAF violations
No associated threat feeds or campaigns

## Recommended Actions

Given the moderate risk score and subnet abuse density, the following controls are recommended:

Immediate:

```bash

iptables -A INPUT -s 216.151.138.17 -j DROP

```

Cloud Platform Rules:

Cloudflare WAF: Block 216.151.138.17
AWS WAF: Add 216.151.138.17/32 to blocklist
pfSense: 216.151.138.17/32

## Intelligence Assessment

This IP represents Cisco Webex legitimate infrastructure. While the risk score of 40 warrants blocking based on automated scoring, the absence of active threat indicators suggests this may be a false positive or precautionary measure. The subnet's abuse density reflects typical enterprise cloud infrastructure patterns.

Recommended SOC Action: Monitor for actual malicious activity. Block at perimeter level if score threshold policies require, but prioritize traffic analysis to confirm no genuine threats from this source.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	CA
City	San Jose
Timezone	—
Latitude	37.75
Longitude	-97.82

🏢 Ownership & Registration

Organization	Cisco Webex LLC
ASN	AS13445
Network Name	—
CIDR Block	216.151.128.0/20
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	28%	2	3
routing	40%	2	3
services	8%	1	1
ownership	28%	3	4
reputation	27%	1	3
geolocation	28%	2	3
Overall	26%	11	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:05:09 UTC
Last Seen	2026-06-26 18:12:06 UTC
Profile Built	2026-06-27 01:18:51 UTC
Data Freshness	Live
Signal Types	20
Total Observations	46

🔍 20 signal types · 46 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

216.151.138.17📋 Copy