45.133.5.183

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 45.133.5.183/32

Classification: Moderate Risk – High-Abuse Subnet Environment

---

Executive Summary

Target IP 45.133.5.183 presents moderate risk (score: 40) within a high-abuse network environment (subnet abuse density: 0.8077). The IP is assigned to ASN 137409 (gsl networks pty ltd) under organization "VPN Consumer Sydney, Australia" but exhibits geolocation inconsistencies suggesting potential misrepresentation. No active services detected; IP classified as firewalled with no open ports.

---

Ownership & Infrastructure

ASN: 137409 (gsl networks pty ltd)
Organization: VPN Consumer Sydney, Australia
CIDR Block: 45.133.5.0/24
Geolocation: Reports AU (NSW region) but coordinates indicate Singapore (1.2929°N, 103.8547°E)
GeoValidation Anomaly: RTT measurements show 211ms vs. minimum possible 330.6ms for reported AU distance (16,532km) — indicates false geo-attribution

---

Network Environment Assessment

Subnet: 45.133.5.0/24

Abuse Density: 0.8077 (high_abuse classification)
Total Siblings: 52 IPs
Active Siblings: 22 IPs
Threat Siblings: 42 IPs
Risk Distribution: 0 high-risk, 39 medium-risk, 12 low-risk

The subnet demonstrates significant abuse activity with 81% of neighbors flagged as threat IPs. This contextual risk elevates the baseline threat level for the target IP.

---

Threat Indicators

Abuse Confidence Score: Not calculated
Blacklist Count: 0 direct blacklists
DNSBL Listings: 1 of 8 total threat feeds
Known Campaigns: None identified
Is Tor Exit: No
Is Known Attacker: No
Is Spam Source: No
Threat Persistence: 0 days (not persistently malicious)

---

Network Services & DNS

Open Ports: None detected
TLS Certificate: None
Forward Resolution: Not confirmed
Hosted Domains: 0
Email Auth: SPF/DMARC not configured
Service Purpose: Firewalled / No Services

---

Historical Observation Timeline (18 Observations)

Recent activity confirms subnet-level abuse classification (confidence: 0.75) observed on 2026-06-05. Multiple signals indicate consistent abuse patterns across the /24 block. Geolocation signals show AU and Singapore attributions with low confidence (0.28–0.30), supporting the geo-validation anomaly.

---

Recommended Security Actions

Immediate Mitigation:

iptables: `iptables -A INPUT -s 45.133.5.183 -j DROP`
nftables: `nft add rule inet filter input ip saddr 45.133.5.183 drop`
nginx: `deny 45.133.5.183;`
pfSense: `45.133.5.183/32`

Extended Blocking (Cloudflare/AWS WAF):

Block IP 45.133.5.183/32 with description "IPDebrief risk 40"

Contextual Recommendation: Consider subnet-level blocking (45.133.5.0/24) given 81% threat sibling density and high-abuse classification, though this will affect legitimate traffic within the provider block.

---

Intelligence Notes

1. Geo-Location Discrepancy: IP reports AU location but RTT metrics and coordinate data indicate Singapore placement — potential VPN/proxy misrepresentation.

2. Subnet Risk: High-abuse environment (0.8077 density) suggests provider may be compromised or misconfigured for residential/VPN services.

3. No Active Services: Firewall configuration prevents service enumeration; threat indicators rely on passive reputation feeds.

4. Action Priority: Moderate — block at perimeter, monitor for subnet-wide activity patterns.

---

Generated: IPDebrief Intelligence Platform

Status: Actionable intelligence for SOC review

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇦🇺 Australia
Region	NSW
City	Singapore
Timezone	—
Latitude	-33.87
Longitude	151.20

🏢 Ownership & Registration

Organization	VPN Consumer Sydney, Australia
ASN	AS137409
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	15%	2	2
ownership	24%	2	3
reputation	22%	1	3
geolocation	24%	2	3
Overall	20%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-09 22:11:17 UTC
Last Seen	2026-06-25 21:13:50 UTC
Profile Built	2026-06-25 21:21:50 UTC
Data Freshness	Live
Signal Types	19
Total Observations	19

🔍 19 signal types · 19 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

45.133.5.183📋 Copy