103.216.117.42

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

THREAT INTELLIGENCE BRIEFING

IP Address: 103.216.117.42/32

Classification: Moderate Risk (Score: 55)

Date of Analysis: Current

1. OWNERSHIP AND GEOLOCATION

The IP address belongs to INETSOFT-VN (ASN 135905, IRT-VNNIC-AP), operating within the APNIC RIR registry. The network block 103.216.116.0/22 is registered to this organization. Geolocation data indicates the IP is associated with Vietnam (VN), specifically Dich Vong region. Geographic validation shows inconsistent data sources with consensus unavailable.

2. NETWORK ROLE AND INFRASTRUCTURE

The IP functions as a Web Server with standard HTTP/HTTPS services exposed on ports 80 and 443. The server banner identifies nginx/1.28.3. The TLS certificate subject indicates "CN=parking" issued by FASTPANEL, suggesting a placeholder or test web server configuration. No hosted domains were detected, and forward DNS resolution returned null.

3. THREAT INDICATORS

No active threat indicators were identified. The IP is not listed as a Tor exit node, known attacker, or spam source. Blacklist enumeration returned 0 entries, though DNSBL listing showed 3 matches across 8 total lists. No known malware campaigns were associated with this address.

4. CONTROL PLANE AND ROUTING

BGP routing shows the IP originates from ASN 135905 with prefix 103.216.116.0/22. Route stability is flagged as false, indicating recent routing changes. DNSSEC validation is confirmed. Operator score (0.1304) rates as Minimal, with no RPKI or IRR consistency data available.

5. NEIGHBORHOOD ANALYSIS

The /24 subnet (103.216.117.0/24) contains one active sibling IP: 103.216.117.118, which carries a risk score of 0. Subnet abuse density is low (0), with classification marked as "mostly_clean." No threat indicators were inherited from neighboring addresses.

6. OBSERVATION HISTORY

Analysis of 21 historical observations reveals consistent patterns with no significant risk escalation. Recent observations (June 2026 timeframe) show:

Operator score: Minimal
Certificate data: FASTPANEL issued "CN=parking" certificate
HTTP response: Status 200, nginx/1.28.3, HTTP/1.1

7. SECURITY ACTIONS

No specific firewall or blocking recommendations were generated. The IP presents moderate risk primarily due to DNSBL listings and inconsistent geographic validation, but lacks confirmed malicious behavior.

8. RECOMMENDATIONS FOR SOC ANALYSTS

Monitor for changes in DNSBL listing status
Review routing stability alerts if traffic anomalies occur
No immediate blocking recommended; maintain standard logging and monitoring
Consider correlation with any historical C2 infrastructure if contextually relevant to your threat landscape

END BRIEFING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇻🇳 Vietnam
Region	—
City	Dich Vong
Timezone	Asia/Ho_Chi_Minh
Latitude	16.17
Longitude	107.83

🏢 Ownership & Registration

Organization	IRT-VNNIC-AP
ASN	AS135905
Network Name	INETSOFT-VN
CIDR Block	103.216.116.0/22
RIR	APNIC
Country	VN
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx/1.28.3
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=parking, OU="", O=FASTPANEL, L="", S="", C=""

Issued by CN=parking, OU="", O=FASTPANEL, L="", S="", C=""

Self-signed: Yes

SANs	None
Valid From	2025-10-13T03:38:39+00:00
Valid Until	2026-10-13T03:38:39+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	01
Thumbprint	107B108F8BAFD180C4200625D494286CF4F11EA9

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	31%	2	3
ownership	27%	2	3
reputation	24%	1	3
geolocation	21%	2	2
Overall	23%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: "", VN
⚠ TLS certificate claims "" but primary geo says VN

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:26 UTC
Last Seen	2026-06-22 07:01:00 UTC
Profile Built	2026-06-22 07:07:30 UTC
Data Freshness	Live
Signal Types	20
Total Observations	21

🔍 20 signal types · 21 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

103.216.117.42📋 Copy