103.125.103.201

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 103.125.103.201/32

## Executive Summary

IP address 103.125.103.201 is classified as MODERATE RISK (score: 50/100). The IP belongs to Indonesian network LINTASARTA-NET (ASN 38513, IRT-LINTASARTA-ID) and demonstrates no active open services. The IP is listed on two DNSBL entries with high-severity classifications. One neighboring threat entity exists within the 103.125.103.0/24 subnet.

## Network Ownership & Geolocation

ASN: 38513 (IRT-LINTASARTA-ID)
Organization: LINTASARTA-NET
Network Block: 103.125.103.0/24
Location: Indonesia, Jakarta region
Registration: APNIC RIR
Status: Firewalled / No Services

## Threat Assessment

Indicator	Status
Known Attacker	No
Spam Source	No
Tor Exit Node	No
CDN/Cloud/Proxy	No
Blacklist Listings	2 of 8
Max Severity	High

The IP's threat indicators remain empty, but DNSBL listings indicate prior reputation issues. The IP shows no active services or open ports, consistent with firewalled behavior.

## Network Neighborhood Analysis

Subnet: 103.125.103.0/24
Abuse Density: 1 (low)
Classification: Mostly Clean
Total Siblings: 1
Active Siblings: 0
Threat Siblings: 1
Inherited Risk: 2

The /24 subnet contains one threat-adjacent IP, suggesting localized risk within the network block.

## Historical Observation

23 total observations recorded. Most recent activity from 2026-06-22 showed DNSBL listings with high severity ratings. Earlier observations (2026-06-17) indicated minimal operator scores (0.2174). The IP demonstrates no persistent malicious behavior over time.

## Infrastructure Relationships

Network Association: LINTASARTA-NET (multiple same-network relationships)
DNS Associations: Multiple error-state hostname associations detected

## Recommended Actions

Based on risk profile, the following mitigation measures are recommended:

Platform	Rule
iptables	`iptables -A INPUT -s 103.125.103.201 -j DROP`
nftables	`nft add rule inet filter input ip saddr 103.125.103.201 drop`
nginx	`deny 103.125.103.201;`
pfSense	`103.125.103.201/32`
Cloudflare WAF	Block IP with description "IPDebrief risk score 50"
AWS WAF	Address 103.125.103.201/32

## Analyst Notes

This IP presents moderate risk primarily due to DNSBL listings and one threat-adjacent neighbor. No active services or open ports detected. The Indonesian hosting infrastructure (LINTASARTA-NET) operates within APNIC registry. Recommend monitoring the 103.125.103.0/24 subnet for correlated activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇩 Indonesia
Region	Jakarta
City	Menara Thamrin Bulding 12th Floor
Timezone	—
Latitude	22.26
Longitude	114.17

🏢 Ownership & Registration

Organization	IRT-LINTASARTA-ID
ASN	AS38513
Network Name	LINTASARTA-NET
CIDR Block	103.125.103.0/24
RIR	APNIC
Country	ID
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Single-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	13%	1	1
services	11%	1	2
ownership	24%	2	3
reputation	21%	1	3
geolocation	35%	2	3
Overall	21%	9	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:25 UTC
Last Seen	2026-06-22 06:06:31 UTC
Profile Built	2026-06-22 06:13:41 UTC
Data Freshness	Live
Signal Types	21
Total Observations	23

🔍 21 signal types · 23 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

103.125.103.201📋 Copy