# IP Intelligence Briefing: 216.151.138.48
## Executive Summary
IP address 216.151.138.48 is assigned to Cisco Webex LLC (ASN 13445) with a moderate risk score of 40. The IP is currently firewalled with no active services, though the /24 neighborhood exhibits elevated abuse density. No active threat indicators or malicious behavior observed.
---
## Ownership and Infrastructure
- Organization: Cisco Webex LLC
- ASN: 13445
- Geolocation: San Jose, California, US
- BGP Prefix: 216.151.128.0/20
- Registration: ARIN (allocated 1999-06-09)
- Control Plane: Route stable with origin ASN 13445, no MOAS concerns
## Risk Assessment
- Risk Score: 40 (Moderate Risk)
- DNSBL Listings: 1 of 8 total lists
- Operator Score: 0.2174 (Minimal)
- Abuse Confidence: Low
- Threat Indicators: None detected
## Network Classification
- Infrastructure Type: Enterprise/Hosting
- Service Status: Firewalled / No Services
- Not classified as: CDN, Cloud, VPN, Proxy, Tor, Mobile, or Bogon
- Anycast: No
- Cloud Provider: Not detected
## Neighborhood Analysis
- Subnet: 216.151.138.0/24
- Active Siblings: 151 of 256 IPs
- Abuse Density: High
- Risk Distribution: 97 medium, 3 low, 0 high risk
- Neighboring IPs: Multiple IPs with risk scores ranging 25-49, indicating elevated subnet-level activity
## Historical Observations
- Total Signals: 52 observations
- Ownership Stability: Consistent ASN assignment since 1999
- Prefix Stability: 216.151.128.0/20 stable with no 30-day changes
- Recent Activity: No new threat indicators or reputation changes
- Persistence: No persistent malicious behavior detected
## Behavioral Indicators
- Honeypot Hits: 0
- Enumeration Strikes: 0
- WAF Violations: 0
- Total Incidents: 0
- Threat Observation Count: 1
## Threat Intelligence
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Associated Campaigns: None
- Correlated IPs: None detected
- Cert Matches: 0
---
## Recommended Actions
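### Immediate Mitigation
```bash
# iptables: drop inbound traffic from this address
iptables -A INPUT -s 216.151.138.48 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 216.151.138.48 drop
# pfSense: source address for a block rule (GUI entry, not a shell command)
# 216.151.138.48/32
```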
### Cloud/WAF Rules
- Cloudflare WAF: Block with expression `ip.src eq 216.151.138.48`
- AWS WAF: Add to blocked addresses as `216.151.138.48/32`
- Nginx: `deny 216.151.138.48;`
## Analyst Notes
Although this IP belongs to legitimate enterprise infrastructure (Cisco Webex), the high abuse density in its /24 subnet warrants monitoring. The IP itself shows no active malicious behavior, but subnet-level threats may correlate with this address. Consider rate limiting at the subnet level (216.151.138.0/24) if blocking individual IPs is not operationally feasible. Monitor for changes in ownership or reputation trends using the historical observation data.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Cisco Webex LLC |
| ASN | AS13445 |
| Network Name | - |
| CIDR Block | 216.151.128.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification Details
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 40% | 2 | 3 |
| services | 17% | 2 | 3 |
| ownership | 28% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 28% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:05:09 UTC |
| Last Seen | 2026-06-26 18:12:06 UTC |
| Profile Built | 2026-06-27 01:14:19 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 53 |