# IP Intelligence Briefing: 45.148.10.159/32
Classification: Moderate Risk
Date Generated: 2026-06-23
Analyst: Automated Intelligence System
---
## Executive Summary
IP address 45.148.10.159 was assessed with a moderate risk score of 55/100. The address belongs to ASN 48090 (ABUSE DEP) and is situated within a high-abuse subnet (45.148.10.0/24) showing elevated abuse density of 0.5106. The IP is classified as firewalled with no active services detected, though it maintains presence on three DNS blacklist feeds.
---
## Risk Profile
The target IP maintained a reputation classification of "Moderate Risk" with a risk score of 55. Provider and authority scores were not applicable (0), and stability metrics remained uncomputed. The IP is not identified as a Tor exit node, known attacker, or spam source. No active threat indicators or campaign correlations were detected.
Key Risk Indicators:
- Risk Score: 55/100
- DNSBL Listings: 3/8 total feeds
- Operator Score: 0.1304 (Minimal)
- Route Stability: False (routing anomalies detected)
- Abuse Confidence: Not scored
---
## Geographic and Network Context
Geolocation data indicated Romania (RO) with coordinates 45.94, 24.97, though geo-plausibility validation returned false. The IP resolved to Amsterdam region with a 300km accuracy radius. The control plane analysis identified BGP prefix 45.148.10.0/24 with origin ASN 48090.
Network Classification:
- ASN: 48090 (ABUSE DEP)
- RIR: ARIN
- CIDR Block: 45.148.10.0/24
- Service Purpose: Firewalled / No Services
- Is Cloud: False
- Is CDN: False
---
## Subnet Neighborhood Analysis
The /24 neighborhood (45.148.10.0/24) demonstrated significant abuse characteristics:
- Total Siblings: 47 IPs
- Active Siblings: 39 IPs
- Threat Siblings: 24 IPs (51% of active)
- Abuse Density: 0.5106
- Risk Classification: High Abuse
Risk distribution across the subnet: 23 high-risk, 21 medium-risk, 4 low-risk addresses. Notable neighbors included 45.148.10.21 and 45.148.10.25 (both risk score 80), indicating clustering of malicious activity.
---
## Temporal Analysis
Observation history recorded 19 total signal observations spanning June 2026. Recent signals included:
- 2026-06-23: Ownership and reputation signals at 0.23-0.30 confidence
- 2026-06-18: Subnet abuse density signal (0.75 confidence), service scan (0.70 confidence), geolocation signal (0.35 confidence)
The IP is not persistently malicious (0 threat persistence days, 1 threat observation count). Ownership remained stable with 0 changes recorded.
---
## Relationship Graph
The relationship analysis returned 16 relationships, all categorized as "Same Network" with target value "DMZHOST". These relationships indicate the IP shares network infrastructure with 16 additional DMZ-hosted addresses.
---
## Recommended Actions
Immediate Actions:
1. Increase logging verbosity and review recent activity from this IP (High severity)
2. Implement blocking at perimeter defenses
Firewall Rules:
- iptables: `iptables -A INPUT -s 45.148.10.159 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 45.148.10.159 drop`
- nginx: `deny 45.148.10.159;`
- pfSense: `45.148.10.159/32`
- Cloudflare WAF: Block with expression `ip.src eq 45.148.10.159`
- AWS WAF: Address: 45.148.10.159/32
---
## Intelligence Assessment
The IP 45.148.10.159 represents moderate risk with elevated contextual threat due to high-abuse subnet density. While no active services or direct threat indicators were observed, the neighborhood context (51% threat siblings) warrants defensive blocking. The absence of open services suggests the IP may be used for command-and-control or as a dormant infrastructure component.
Recommendation: Block at perimeter with monitoring enabled. Consider implementing subnet-level filtering for 45.148.10.0/24 given the high-abuse classification and 24 threat-sibling addresses.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration
| Organization | ABUSE DEP |
| ASN | AS48090 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |

## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 18% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |

## Observation Timeline
| First Seen | 2026-05-07 23:04:21 UTC |
| Last Seen | 2026-06-23 13:17:51 UTC |
| Profile Built | 2026-06-23 13:23:41 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 18 |