103.18.166.147
# IP Intelligence Briefing: 103.18.166.147/32
## Executive Summary
IP address 103.18.166.147 is a Moderate Risk (Score: 40) network endpoint located in Amritsar, Punjab, India (AS132768, IRT-APNANET4-IN). The IP exhibits minimal operational activity with no open services detected. While the address itself shows no direct threat indicators, it resides within a subnet with elevated abuse density (26.36%), requiring monitoring context. Recommended action: Implement blocking controls at perimeter firewalls with awareness of neighborhood risk.
---
## Network Profile & Ownership
| Attribute | Value |
|---|---|
| **IP Address** | 103.18.166.147/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **ASN** | 132768 |
| **Organization** | IRT-APNANET4-IN |
| **Country** | India (IN) |
| **Region** | Punjab (PB) |
| **City** | Amritsar |
| **RIR** | APNIC |
| **DNSBL Listings** | 2 of 8 lists |
Network Classification: Provider infrastructure with no discernible infrastructure role (not cloud, CDN, VPN, proxy, or hosting). Service status indicates firewalled/no services detected.
---
## Threat Indicators Assessment
Direct Threat Signals: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Affiliation: None identified
- Blacklist Count: 0
Control Plane: Route stability flagged as false with no route changes observed in the past 30 days. RPKI state and IRR consistency unavailable.
---
## Neighborhood Analysis (103.18.166.0/24)
Subnet Risk Profile:
- Abuse Density: 26.36%
- Classification: Mixed
- Total Siblings: 110
- Active Siblings: 6
- Threat Siblings: 29
High-Risk Neighbors Identified:
- 103.18.166.10 (Risk: 70)
- 103.18.166.2, .4, .8, .16 (Risk: 55)
*Context: The subnet shows elevated abuse activity. While 103.18.166.147 itself is not directly implicated, the neighborhood risk profile warrants defensive consideration.*
---
## Service & DNS Analysis
Open Ports: None detected
HTTP/HTTPS: No services listening
Email Authentication: No SPF/DMARC records
PTR Records: None
Forward Resolution: Not confirmed
---
## Historical Observation Timeline
Total Observations: 18 signals over monitoring period
Recent Activity:
- 2026-06-26: Geolocation signals from India (Amritsar), operator score minimal (0.1304)
- 2026-06-05: Initial geolocation inference, ICMP validation blocked
- Temporal Trend: No persistent malicious behavior observed; threat persistence days: 0
---
## Recommended Security Actions
Immediate Mitigation
The following firewall rules are recommended based on risk assessment:
iptables:
```bash
iptables -A INPUT -s 103.18.166.147 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 103.18.166.147 drop
```
nginx:
```nginx
deny 103.18.166.147;
```
Cloudflare WAF:
```json
{
"description": "Block 103.18.166.147 โ IPDebrief risk score 40",
"action": "block",
"filter": {"expression": "ip.src eq 103.18.166.147"}
}
```
AWS WAF:
```json
{
"Addresses": ["103.18.166.147/32"],
"Description": "IPDebrief risk 40"
}
```
pfSense:
```
103.18.166.147/32
```
---
## Intelligence Assessment
The IP 103.18.166.147 presents a Moderate Risk profile with no active threat indicators. However, the subnet context (26.36% abuse density, 29 threat-sibling IPs) suggests this network segment may be utilized for malicious activity. The lack of open services and firewalled status indicate either a dormant endpoint or infrastructure not currently exposed to the public internet.
Priority: MEDIUM
Recommended Action: Block traffic at perimeter with continued monitoring. Investigate associated subnet if anomalous activity is observed.
Correlation Data: No certificate matches, no campaign correlations, no correlated IPs identified.
---
*Report generated: 2026-06-26 | Data Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-APNANET4-IN |
| ASN | AS132768 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 23% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-10 22:16:55 UTC |
| Last Seen | 2026-06-26 03:57:00 UTC |
| Profile Built | 2026-06-26 04:03:13 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 18 |
Full dossier details are available via our API.