# INTELLIGENCE BRIEFING: 103.125.103.201/32
## Executive Summary
IP address 103.125.103.201 is classified as MODERATE RISK (score: 50/100). The IP belongs to Indonesian network LINTASARTA-NET (ASN 38513, IRT-LINTASARTA-ID) and demonstrates no active open services. The IP is listed on two DNSBL entries with high-severity classifications. One neighboring threat entity exists within the 103.125.103.0/24 subnet.
## Network Ownership & Geolocation
- ASN: 38513 (IRT-LINTASARTA-ID)
- Organization: LINTASARTA-NET
- Network Block: 103.125.103.0/24
- Location: Indonesia, Jakarta region
- Registration: APNIC RIR
- Status: Firewalled / No Services
## Threat Assessment
| Indicator | Status |
|---|---|
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| CDN/Cloud/Proxy | No |
| Blacklist Listings | 2 of 8 |
| Max Severity | High |
The IP's threat indicators remain empty, but DNSBL listings indicate prior reputation issues. The IP shows no active services or open ports, consistent with firewalled behavior.
## Network Neighborhood Analysis
- Subnet: 103.125.103.0/24
- Abuse Density: 1 (low)
- Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
- Inherited Risk: 2
The /24 subnet contains one threat-adjacent IP, suggesting localized risk within the network block.
## Historical Observation
23 total observations recorded. Most recent activity from 2026-06-22 showed DNSBL listings with high severity ratings. Earlier observations (2026-06-17) indicated minimal operator scores (0.2174). The IP demonstrates no persistent malicious behavior over time.
## Infrastructure Relationships
- Network Association: LINTASARTA-NET (multiple same-network relationships)
- DNS Associations: Multiple error-state hostname associations detected
## Recommended Actions
Based on risk profile, the following mitigation measures are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 103.125.103.201 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 103.125.103.201 drop` |
| nginx | `deny 103.125.103.201;` |
| pfSense | `103.125.103.201/32` |
| Cloudflare WAF | Block IP with description "IPDebrief risk score 50" |
| AWS WAF | Address 103.125.103.201/32 |
## Analyst Notes
This IP presents moderate risk primarily due to DNSBL listings and one threat-adjacent neighbor. No active services or open ports detected. The Indonesian hosting infrastructure (LINTASARTA-NET) operates within APNIC registry. Recommend monitoring the 103.125.103.0/24 subnet for correlated activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | IRT-LINTASARTA-ID |
| ASN | AS38513 |
| Network Name | LINTASARTA-NET |
| CIDR Block | 103.125.103.0/24 |
| RIR | APNIC |
| Country | ID |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 21% | 9 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:25 UTC |
| Last Seen | 2026-06-22 06:06:31 UTC |
| Profile Built | 2026-06-22 06:13:41 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |