# INTELLIGENCE BRIEFING: IP 103.189.235.176
Classification: Moderate Risk (Score: 65/100)
Analysis Date: Current
Assigned Risk: Provider Score: 0 | Authority Score: 0
---
## EXECUTIVE SUMMARY
IP address 103.189.235.176 is a Multi-Service Host located in Jakarta Selatan, Indonesia, registered to ASN 138608 (IRT-IDNIC-ID). The address presents moderate risk (65) with no persistent malicious indicators but multiple DNSBL listings (3 of 8 total). Neighborhood analysis reveals a mixed-risk subnet environment with elevated activity from sibling IPs.
---
## TECHNICAL PROFILE
Ownership & Registration:
- ASN: 138608
- Organization: IRT-IDNIC-ID
- Network: IANA-BLOCK
- RIR: APNIC
- Geolocation: Indonesia, Jakarta Selatan
Network Role: Multi-Service Host (not classified as CDN, cloud, proxy, VPN, or hosting provider)
DNS Configuration:
- PTR Hostname: ip103-189-235-176.cloudhost.web.id
- Reverse Resolution: Unconfirmed
- Hosted Domains: 0
Open Services:
- Port 80/TCP: HTTP (nginx/1.24.0 on Ubuntu)
- Port 22/TCP: SSH (OpenSSH_9.6p1 Ubuntu-3ubuntu13.16)
---
## THREAT INDICATORS
Positive Risk Factors (raise the score):
- 3 DNSBL blacklist entries across 8 total lists
- Operator score: 0.1739 (Minimal)
- Control plane stability: Route changes detected in last 30 days
Negative Risk Factors (lower the score):
- No active threat indicators (not Tor exit, not known attacker, not spam source)
- No active campaigns correlated
- No certificate matches
Threat Feeds: Empty
---
## OBSERVATION HISTORY
Total observations: 26
Recent Signal Timeline:
- 2026-06-22 06:53:49 UTC: Minimal risk operator score (0.0435)
- 2026-06-22 06:52:34 UTC: Reputation threat signal with 50 pulse detections from multiple threat feeds
- 2026-06-22 04:48:59 UTC: HTTP fingerprinting (nginx/1.24.0, TTFB: 539ms, status 200)
- 2026-06-21 06:14:49 UTC: Minimal risk operator score (0.0435)
Temporal Analysis:
- Ownership changes: 0
- Threat persistence days: 0
- Not classified as persistently malicious
---
## RELATIONSHIP GRAPH
Total Relationships: 68
Key Associations:
- 68 relationships primarily classified as "Same Network" pointing to IANA-BLOCK
- Limited organizational or hostname-level relationships detected
---
## NEIGHBORHOOD ANALYSIS
Subnet: 103.189.235.0/24
Abuse Density: 0.5
Classification: Mixed
Total Siblings: 6 (4 active)
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 4
- Low Risk: 1
Sibling IP Risk Scores:
- 103.189.235.30: Risk 25 (Low-Medium)
- 103.189.235.93: Risk 40 (Medium)
- 103.189.235.114: Risk 50 (Medium-High)
- 103.189.235.130: Risk 40 (Medium)
- 103.189.235.159: Risk 40 (Medium)
Inherited Risk: 7/100
---
## OPERATIONAL ASSESSMENT
Risk Profile: Moderate (65/100)
Key Observations:
1. The IP operates as a multi-service host with standard web and SSH services
2. No active threat indicators or known campaign associations
3. DNSBL listings indicate prior reputation issues, though current threat signals are minimal
4. Neighborhood shows elevated medium-risk activity (4 of 5 siblings scored 40-50)
5. Recent observation includes 50 threat pulses from multiple feeds
Threat Persistence: Not persistent; ownership and threat signals show no sustained malicious activity pattern
---
## RECOMMENDATIONS
Immediate Actions:
1. Monitor Closely: The IP's moderate risk score (65) combined with neighborhood medium-risk activity warrants enhanced monitoring
2. DNSBL Review: Investigate the 3 DNSBL listings to determine if they represent false positives or require remediation
3. Neighbor Correlation: Monitor sibling IPs 103.189.235.93, 103.189.235.114, 103.189.235.130, and 103.189.235.159 for correlated activity
4. Traffic Analysis: Implement logging for traffic from this source on ports 80 and 22
Firewall Considerations:
- No immediate blocking recommended; risk profile does not indicate active threat
- Consider rate-limiting for SSH and HTTP connections if this IP appears in attacker traffic
- Monitor for abuse pattern changes given the mixed-risk subnet environment
---
END BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | IRT-IDNIC-ID |
| ASN | AS138608 |
| Network Name | IANA-BLOCK |
| CIDR Block | 0.0.0.0/0 |
| RIR | APNIC |
| Country | ID |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | ip103-189-235-176.cloudhost.web.id |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | ip103-189-235-176.cloudhost.web.id |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:26 UTC |
| Last Seen | 2026-06-26 18:10:14 UTC |
| Profile Built | 2026-06-22 07:02:07 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |