103.167.89.222

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 103.167.89.222/32

## Executive Summary

IP address 103.167.89.222 is a Vietnamese-based web server with an elevated risk score of 65/100. The IP belongs to JOBKEY-VN (ASN: 151858) within the APNIC RIR. While the subnet shows low abuse density, the IP presents moderate threat indicators including multiple DNSBL listings and historical threat signals. Recommended action: monitor closely or block depending on organizational threat posture.

---

## Ownership & Registration

Attribute	Value
Organization	IRT-VNNIC-AP (JOBKEY-VN)
ASN	151858
CIDR Block	103.167.88.0/23
RIR	APNIC
Country	Vietnam (VN)

---

## Threat Assessment

Risk Score: 65/100 (Moderate Risk)
Abuse Confidence Score: Null
Blacklist Count: 0
DNSBL Listings: 3 of 8 total lists
Tor Exit/Proxy/VPN: No
Known Attacker: False
Spam Source: False

Historical Threat Signals

23 total observations recorded
Recent signals include routing anomalies and threat indicators
One observation showed high-severity DNSBL listings
ASN-level pulse count: 32 associated threat pulses

---

## Network Services & Infrastructure

Service	Port	Status
HTTP	80/tcp	Open
HTTPS	443/tcp	Open
SSH	22/tcp	Open

TLS Certificate

Issuer: Let's Encrypt
Subject: mategourd.vn
Domains: mategourd.vn, www.mategourd.vn
Certificate Age: Active

Server Fingerprint

Web Server: nginx
HTTP Version: 2.0
HSTS: Enabled
HTTP/2: Enabled

---

## DNS Analysis

PTR Hostnames: None resolved
Forward Resolution: No entries
Hosted Domains: 0
Email Authentication (SPF/DMARC): Not configured
DNSSEC Valid: Yes

---

## Subnet Neighborhood Analysis

Subnet: 103.167.89.222/24
Abuse Density: 0 (Clean)
Threat Siblings: 0
Classification: Clean

---

## Recommended Security Actions

Monitoring (High Priority)

Increase logging verbosity and review recent activity from this IP due to elevated risk score (65/100).

Firewall Rules

```bash

# iptables

iptables -A INPUT -s 103.167.89.222 -j DROP

# nftables

nft add rule inet filter input ip saddr 103.167.89.222 drop

# nginx

deny 103.167.89.222;

```

Cloud Security Platforms

Cloudflare WAF: Block with expression `ip.src eq 103.167.89.222`
AWS WAF: Add address 103.167.89.222/32 with description "IPDebrief risk 65"

---

## Intelligence Narrative

The IP 103.167.89.222 operates as a public-facing web server in Vietnam under the JOBKEY-VN organization. Despite showing no active campaigns or known attacker signatures, the moderate risk score (65) stems from historical DNSBL listings and elevated threat pulse counts at the ASN level. The subnet itself remains clean with no neighboring threats, suggesting the risk is isolated to this specific IP. The IP lacks email authentication and has multiple DNSBL associations, indicating prior abuse history. Recommended defensive posture: monitor activity patterns for escalation or block if organizational policy requires pre-emptive mitigation against IPs with risk scores exceeding 60.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇻🇳 Vietnam
Region	—
City	—
Timezone	Asia/Ho_Chi_Minh
Latitude	16.17
Longitude	107.83

🏢 Ownership & Registration

Organization	IRT-VNNIC-AP
ASN	AS151858
Network Name	JOBKEY-VN
CIDR Block	103.167.88.0/23
RIR	APNIC
Country	VN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3

🔐 TLS Certificate

An expired certificate for CN=mategourd.vn was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=mategourd.vn

Issued by CN=R13, O=Let's Encrypt, C=US

Self-signed: No

SANs	mategourd.vnwww.mategourd.vn
Valid From	2026-03-30T20:03:15+00:00
Valid Until	2026-06-28T20:03:14+00:00 (expired)
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	05377FCD87E1DCA49F79C6AF9C128BD48CB4
Thumbprint	E7347944DE3DE7264D514BCC2FCFF1FC473C4E75

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	4
routing	13%	1	1
services	31%	2	3
ownership	27%	2	3
reputation	15%	1	2
geolocation	32%	2	3
Overall	26%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Fresh

First Seen	2026-05-07 23:03:25 UTC
Last Seen	2026-06-26 18:10:13 UTC
Profile Built	2026-06-22 11:03:46 UTC
Data Freshness	Fresh
Signal Types	21
Total Observations	22

🔍 21 signal types · 22 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

103.167.89.222📋 Copy