103.13.206.100

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 103.13.206.100

## Executive Summary

IP address 103.13.206.100 presents a Moderate Risk profile (risk score 65/100) with no confirmed malicious activity. The IP is associated with IRT-IDNIC-ID (ASN 138608) and resolves to gionex.asia. While currently clean of direct threat indicators, the IP is listed on 2 DNS blacklists and warrants enhanced monitoring.

## Ownership and Geolocation

ASN: 138608 (IRT-IDNIC-ID)
Organization: IANA-BLOCK
Geolocation: Indonesia (ID), reported as Singapore (Downtown Core) with 1500km accuracy radius
Network Registration: CIDR Block 0.0.0.0/0
RIR: APNIC

## Technical Profile

DNS: sg1.gionex.asia (forward resolution confirmed)
Open Ports: TCP/80 (HTTP), TCP/22 (SSH)
Web Server: Apache/2.4.41 (Ubuntu)
TLS/SSL: No certificate detected
Email Auth: SPF and DMARC records present

## Threat Assessment

Risk Score: 65/100 (Moderate)
Blacklist Status: Listed on 2 of 8 DNS blacklists (max severity: high)
Threat Indicators: None detected
Campaign Association: No known campaigns
Tor/VPN/Proxy: Not classified as Tor exit node, VPN, proxy, or hosting service
Control Plane: Route not stable (route changes detected in 30-day period)
Reputation: Minimal operator score (0.1304)

## Historical Observations

Observation Count: 25 signals tracked
Recent Activity: Last observed 2026-06-22T06:14:01
Ownership Changes: 1 change recorded
Average Ownership Duration: 7 days
Threat Persistence: 0 days (not persistently malicious)
Blacklist Trend: Listed on 2-3 entries with high severity across observation period

## Network Neighborhood Analysis (103.13.206.0/24)

Subnet Classification: Clean
Abuse Density: 0
Total Siblings: 9 (5 active)
Threat Siblings: 0
Risk Distribution: 2 medium-risk, 6 low-risk, 0 high-risk
Notable Neighbors:

- 103.13.206.122 (risk: 50)

- 103.13.206.208 (risk: 40)

- 103.13.206.18 (risk: 0)

## Recommended Actions

Immediate

Increase logging verbosity for traffic from this IP source
Review recent activity for any anomalous patterns

Firewall Rules

iptables: `iptables -A INPUT -s 103.13.206.100 -j DROP`
nftables: `nft add rule inet filter input ip saddr 103.13.206.100 drop`
nginx: `deny 103.13.206.100;`
pfSense: Add 103.13.206.100/32 to blocklist
Cloudflare WAF: Block with expression `ip.src eq 103.13.206.100`
AWS WAF: Add 103.13.206.100/32 to IP set

Intelligence Notes

The IP shows no evidence of active malicious activity despite blacklist listings. The moderate risk score appears driven by DNS blacklist presence rather than confirmed attack indicators. Monitor for changes in threat persistence and ownership patterns. The subnet (103.13.206.0/24) demonstrates low abuse density with no high-risk neighbors, suggesting the IP's risk may be isolated.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇩 Indonesia
Region	—
City	Singapore (Downtown Core)
Timezone	—
Latitude	-6.18
Longitude	106.83

🏢 Ownership & Registration

Organization	IRT-IDNIC-ID
ASN	AS138608
Network Name	IANA-BLOCK
CIDR Block	0.0.0.0/0
RIR	APNIC
Country	ID
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	sg1.gionex.asia
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`sg1.gionex.asia`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Multi-Service Host
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13
Closed Ports	25, 443, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Apache/2.4.41 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	3
routing	13%	1	1
services	26%	2	3
ownership	27%	2	3
reputation	17%	1	2
geolocation	21%	2	2
Overall	23%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:25 UTC
Last Seen	2026-06-26 18:10:12 UTC
Profile Built	2026-06-22 06:20:34 UTC
Data Freshness	Live
Signal Types	25
Total Observations	26

🔍 25 signal types · 26 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

103.13.206.100📋 Copy