103.147.248.44

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 103.147.248.44/32

## Executive Summary

IP 103.147.248.44 is classified as High Risk (Score: 80/100) despite operating within a subnet showing low abuse density. The address belongs to ASN 153283 (IRT-SOFTCROP-IN) and is registered to SOFTCROP network in Assam, India. While no direct threat indicators or known campaigns were identified, the IP is listed on 5 of 8 DNSBLs and exhibits characteristics warranting monitoring.

## Network Profile

ASN: 153283 (IRT-SOFTCROP-IN)
Network: SOFTCROP (103.147.248.0/23)
Geolocation: Assam, Kamrup Metropolitan District, India (IN)
Service Role: Web Server (HTTP/HTTPS)
Control Plane: Route stable, DNSSEC valid, CAA records present

## Technical Indicators

Open Ports: TCP/80, TCP/443
Server Banner: nginx
TLS Certificate: CN=uservsftpd (issuer and subject match; certificate validity requires validation)
HTTP Version: 1.1
HSTS: Enabled (max-age=63072000)
Powered By: Express.js

## Threat Assessment

DNSBL Listings: 5 of 8 total lists
Abuse Confidence Score: Not computed
Known Attacker: False
Tor Exit Node: False
Blacklist Count: 0 (DNSBL only)
Threat Persistence: 0 days; not persistently malicious
Threat Observation Count: 1

## Temporal Analysis

Historical observation data spans 26 observations with recent activity recorded on 2026-06-17. HTTP fingerprinting confirms nginx serving Express.js applications with HTTP/1.1. TLS 1.2 cipher suite (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) indicates reasonable encryption posture. HSTS enforcement is active.

## Neighborhood Context

The /24 subnet (103.147.248.0/24) shows:

Abuse Density: 0 (classification: mostly_clean)
Active Siblings: 0
Neighbor Risk: One neighboring IP (103.147.248.23) with risk score 70

The discrepancy between individual IP risk (80) and subnet abuse density (0) suggests isolated activity rather than coordinated subnet-level abuse.

## Relationship Graph

29 relationships identified, primarily same-network associations with SOFTCROP. DNS association records indicate resolution attempts to internal address 192.168.2.108#53, likely local DNS infrastructure references.

## Recommended Actions

Monitoring: Flag for ongoing observation due to DNSBL presence despite lack of direct threat indicators
Firewall: No immediate blocking recommended; monitor for behavioral patterns
Investigation Priority: Medium – investigate DNSBL listing sources and certificate validity
Correlation: Review traffic patterns to 103.147.248.23 (neighbor IP with risk score 70)

## Intelligence Narrative

This IP represents a high-risk web server endpoint with elevated reputation scores but limited direct threat attribution. The combination of DNSBL listings and Express.js application hosting suggests potential misuse or reputation degradation. The subnet-level cleanliness indicates this risk is not shared across the SOFTCROP network. SOC analysts should monitor for activity patterns and validate the nature of DNSBL listings before implementing blocking measures.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇳 India
Region	Assam
City	Kamrup Metropolitan District
Timezone	—
Latitude	26.05
Longitude	92.01

🏢 Ownership & Registration

Organization	IRT-SOFTCROP-IN
ASN	AS153283
Network Name	SOFTCROP
CIDR Block	103.147.248.0/23
RIR	APNIC
Country	IN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=uservsftpd

Issued by CN=uservsftpd

Self-signed: Yes

SANs	None
Valid From	2019-07-01T15:58:34+00:00
Valid Until	2119-06-07T15:58:34+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	36500 days
Serial Number	00925F2A1D715F4C64
Thumbprint	0544A1C64AF2B1CEB875A4F7DD2A338507751754

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	27%	2	3
services	30%	2	4
ownership	24%	2	3
reputation	21%	1	3
geolocation	32%	2	3
Overall	26%	11	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Recent

First Seen	2026-05-07 23:03:25 UTC
Last Seen	2026-06-26 18:10:12 UTC
Profile Built	2026-06-27 04:14:10 UTC
Data Freshness	Recent
Signal Types	25
Total Observations	26

🔍 25 signal types · 26 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

103.147.248.44📋 Copy