# IP Intelligence Briefing: 103.161.170.12/32
Classification: Moderate Risk
Report Date: Based on available intelligence through June 2026
## Executive Summary
IP address 103.161.170.12 is a web server endpoint in Vietnam operated by IRT-VNNIC-AP (ASN 135918). It carries a risk score of 65 (Moderate Risk) and appears on DNSBL lists. While the IP itself shows no direct threat indicators, neighborhood analysis indicates related malicious activity within the /24 subnet.
## Ownership and Infrastructure
- Organization: IRT-VNNIC-AP (IRT Vietnam Network Information Center)
- Network Name: VINABISON-VN
- ASN: 135918
- CIDR Block: 103.161.170.0/23
- RIR: APNIC
- Geolocation: Hanoi, Vietnam (GeoPlausible: true)
- BGP Prefix: 103.161.170.0/23
- Route Stability: Stable (routeChanges30d: 0)
- RPKI State: Mismatch detected
## Network Services
- Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS)
- Web Server: nginx/1.20.1
- TLS Certificate: Issued by Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
- Certificate Subject: CN=pa-2.ducnv25.id.vn
- Covered Domains: *.pa-2.ducnv25.id.vn, pa-2.ducnv25.id.vn
## Threat Indicators
- Blacklist Count: 3 of 8 DNSBL lists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Correlation: None identified
- Known Campaigns: None
- Threat Feeds: Empty
## Control Plane Intelligence
- Operator Score: 0.3478 (Basic operator)
- IRR Consistency: Mismatch
- DNSSEC Valid: True
- CAA Records: Present
- Route Origin: ASN 135918 (103.161.170.0/23)
## Neighborhood Analysis (103.161.170.0/24)
- Subnet Classification: Mostly clean
- Abuse Density: 1 (Low to moderate)
- Total Siblings: 1 active
- Threat Siblings: 1 detected
- Inherited Risk: 2 (Low)
- Risk Distribution: High: 0, Medium: 0, Low: 0 (per current scan)
## Historical Observations
Analysis of 30 historical observations reveals:
- Route Stability: Consistent operator scores ranging 0.17–0.35
- Geolocation Signals: Consistent Vietnam (VN) attribution with multi-signal inference
- Service Observations: HTTP/HTTPS services persistently observed
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Changes: 0 detected
- Latest Signal: 2026-06-22 (route/geolocation confidence: 0.60)
## Intelligence Assessment
The target IP operates as a legitimate web infrastructure endpoint with standard web server functionality. While the IP itself shows no direct malicious activity, three DNSBL listings and a detected threat sibling within the /24 subnet warrant monitoring. The IRR mismatch and DNSBL presence suggest potential configuration or reputation issues at the network level.
## Recommended Actions
Based on current risk profile:
1. Monitor: Track DNSBL listing status and subnet activity
2. Allow: HTTP/HTTPS traffic from this IP is likely legitimate
3. Block: No immediate block required, but consider monitoring for abuse pattern correlation
4. Verify: Confirm service legitimacy if receiving traffic from this endpoint
---
*Intelligence compiled from IPDebrief platform data. For complete profile access, consult the full IPDebrief report.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | IRT-VNNIC-AP |
| ASN | AS135918 |
| Network Name | VINABISON-VN |
| CIDR Block | 103.161.170.0/23 |
| RIR | APNIC |
| Country | VN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.20.1 |
| HTTP Title | - |
## TLS Certificate
CN=pa-2.ducnv25.id.vn was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | *.pa-2.ducnv25.id.vn, pa-2.ducnv25.id.vn |
| Valid From | 2025-10-09T14:54:05+00:00 |
| Valid Until | 2026-01-07T14:54:04+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06AB112BD48E6926D16A963AD4BF404338B4 |
| Thumbprint | 610671B7BCB0C1BE292FDBDE4D9DDC17FA4BA518 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 27% | 3 | 4 |
| services | 26% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 25% | 12 | 21 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:25 UTC |
| Last Seen | 2026-06-26 18:10:13 UTC |
| Profile Built | 2026-06-22 06:35:33 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 29 |