IP Intelligence Briefing: 101.96.192.184
Date: 2026-06-17
---
**1. Risk Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: Unknown (ASN 137718, IRT-VOLCANO-ENGINE-CN)
- Geolocation: China (CN), no city/region specified.
- Threat Indicators: No malicious activity detected (no indicators, blacklists, or campaigns).
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP services).
---
**2. Historical Observations**
- Recent Activity (June 2026):
  - Geolocation inferred in China (confidence: 52%).
  - Subnet abuse density: 66.67% (mostly clean, but 2 of 3 siblings flagged as threats).
  - No persistent malicious behavior or ownership changes.
---
**3. Relationships & Network Context**
- Linked Entities:
  - Subnet: 101.96.192.0/21 (VOLCANO-ENGINE network).
  - Neighboring IPs:
    - 101.96.192.45 (Risk Score: 50)
    - 101.96.192.88 (Risk Score: 40)
  - Abuse Density: 66.67% (moderate risk within subnet).
---
**4. Recommended Actions**
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 101.96.192.184 -j DROP`
  - Cloudflare WAF: Block IP with rule: `ip.src eq 101.96.192.184`
  - AWS WAF: Add IP to rule with description "IPDebrief risk 40."
- Monitoring: Track subnet (101.96.192.0/21) for suspicious activity due to moderate abuse density.
---
**5. Summary**
The IP 101.96.192.184 is part of a network (VOLCANO-ENGINE) with moderate risk, no direct malicious indicators, and no active services. While the risk score is low (40), the subnet has a 66.67% abuse density, suggesting potential for related threats. SOC teams should monitor the subnet and consider blocking the IP if further activity is observed. No immediate action is required, but vigilance is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-VOLCANO-ENGINE-CN |
| ASN | AS137718 |
| Network Name | - |
| CIDR Block | - |
| RIR | APNIC |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 22% | 3 | 3 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 11 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (65%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:24 UTC |
| Last Seen | 2026-06-22 05:37:16 UTC |
| Profile Built | 2026-06-22 05:45:03 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |