# IP INTELLIGENCE BRIEFING: 45.153.34.16
- Classification: Moderate Risk
- Date: Current
- Status: Active Monitoring Required
---
## EXECUTIVE SUMMARY
IP 45.153.34.16 is a single-service host located in Eygelshoven, Netherlands, operating under ASN 197170 (TechTies-Inc / VMHeaven). The address presents moderate risk (score: 60), with RDP (port 3389/tcp) exposed. The /24 subnet exhibits elevated abuse density with 14 threat siblings, indicating a potentially compromised hosting environment.
---
## OWNERSHIP & GEOLOCATION
- ASN: 197170 (TechTies-Inc)
- Organization: mnt-de-xsserver-1
- Network: 45.153.34.0/24
- Country: Netherlands (NL)
- City: Eygelshoven, Limburg
- Registration Registry: RIPE (ripencc)
- Route Stability: Unstable (2 changes in 30 days)
---
## NETWORK THREAT PROFILE
- Risk Assessment: Moderate Risk (60)
- Service Exposure: RDP (port 3389/tcp)
- Infrastructure Type: Single-Service Host

Threat Indicators:
- Blacklist Count: 0
- Is Tor Exit: No
- Is Known Attacker: No
- Is Spam Source: No
- DNSBL Listed: 2 of 8 total lists
---
## NEIGHBORHOOD ANALYSIS
- Subnet: 45.153.34.0/24
- Total Siblings: 26
- Active Siblings: 19
- Threat Siblings: 14
- Abuse Density: 0.5385 (High)

Elevated Risk Neighbors (Score ≥ 65):
- 45.153.34.71 (65)
- 45.153.34.112 (65)
- 45.153.34.114 (65)
- 45.153.34.149 (80)
- 45.153.34.181 (65)
- 45.153.34.186 (65)
- 45.153.34.195 (65)
- 45.153.34.224 (70)
- 45.153.34.235 (65)

Risk Distribution in /24:
- High Risk: 1
- Medium Risk: 21
- Low Risk: 3
---
## OBSERVATION HISTORY
- Total Signals: 27 observations
- Recent Activity: June 23, 2026

Key Historical Signals:
- ASN 197170 allocation confirmed (RIPE, allocated 20 days prior to observation)
- Prefix routing instability detected (2 changes in 30-day window)
- Certificate scanning detected (no certificates resolved)
- Threat persistence: 0 days (not persistently malicious)
---
## RELATIONSHIP GRAPH
- Total Relationships: 42
- Network Associations: Multiple "Same Network" relationships to VMHeaven infrastructure
---
## RECOMMENDED ACTIONS
1. Block RDP Access: Implement firewall rules to block inbound traffic to port 3389 from this IP.
2. Monitor Subnet Activity: Given high abuse density (0.5385) and 14 threat siblings, monitor all /24 addresses for correlated malicious activity.
3. Alert on Port Scans: Configure IDS/IPS to alert on RDP connection attempts to this subnet.
4. DNSBL Verification: Confirm current blacklist status on all 8 DNSBL sources.
5. Route Stability Monitoring: Track routing changes for ASN 197170; instability may indicate hosting provider issues.
---
## INTELLIGENCE NOTE
This IP operates within a VM hosting environment (VMHeaven) with documented abuse characteristics. The combination of open RDP exposure and high-density abuse in the /24 subnet suggests this infrastructure may be misused for credential brute-force or lateral movement. SOC analysts should treat incoming connections from this subnet with elevated scrutiny.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
| Signal Type | Description | Count |
|---|---|---|
| Honeypot | Trap endpoint probes | 1 |
| Enumeration | Path/resource enumeration | 2 |
## Ownership & Registration

| Field | Value |
|---|---|
| Organization | mnt-de-xsserver-1 |
| ASN | AS197170 |
| Network Name | TechTies-Inc |
| CIDR Block | 45.153.34.0/24 |
| RIR | ARIN |
| Country | NL |
| Abuse Contact | Available via RDAP |
## DNS Intelligence

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown (insufficient routing data to classify) |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 3389 | rdp | tcp | — |

Closed ports: 22, 25, 80, 443, 8080, 8443 (1 open / 7 scanned)

| Field | Value |
|---|---|
| Server | — |
| HTTP Title | — |
## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | — |
| Valid Until | — |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 32% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 25% | 12 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Attribution factors: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:21 UTC |
| Last Seen | 2026-06-26 18:11:20 UTC |
| Profile Built | 2026-06-23 13:33:17 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 27 |