Threat Intelligence Briefing: IP 103.241.243.104/32
Summary
The IP address 103.241.243.104/32 is part of the APNANET4-IN network, registered to IRT-APNANET4-IN (APNIC). It is classified as Low Risk with no direct malicious indicators (e.g., no blacklists, spam, or known attacker associations). The IP is firewalled with no open services, suggesting it is likely used for infrastructure or internal purposes.
Key Findings
1. Network Context
- Subnet: 103.241.243.0/24
- Abuse Density: 0.667 (moderate risk in the neighborhood).
- Neighboring IPs include 103.241.243.19, 103.241.243.22, and 103.241.243.35, with two of these IPs having risk scores of 80 (high risk) and one at 55 (medium risk).
2. Ownership & Geolocation
- Registered to APNANET4-IN (India), with geolocation data pointing to India (latitude 21.9974, longitude 79.0011).
- No specific city or region identified, but geolocation consistency is plausible.
3. Threat Indicators
- No malicious activity detected (no indicators, blacklists, or campaigns).
- DNS resolution attempts timed out, potentially indicating misconfiguration or internal network segmentation.
4. Behavioral & Network Observations
- 17 observations over time show stable ownership and no persistent threats.
- DNS queries to private IPs (e.g., 192.168.2.108) suggest internal testing or misconfigured DNS settings.
Recommendations
- Monitor Neighbors: Investigate higher-risk neighboring IPs (e.g., 103.241.243.19, 103.241.243.22) for potential lateral movement or shared infrastructure risks.
- Verify DNS Configuration: Ensure DNS settings are correctly configured to avoid timeouts or internal network leaks.
- Maintain Network Segmentation: Confirm firewalled infrastructure is isolated from public-facing services.
Conclusion
The IP itself is low risk but exists within a subnet with mixed risk neighbors. While no direct threats are detected, the network environment warrants closer scrutiny to mitigate potential indirect risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | IRT-APNANET4-IN |
| ASN | AS132768 |
| Network Name | APNANET4-IN |
| CIDR Block | 103.241.243.0/24 |
| RIR | APNIC |
| Country | IN |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown: insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 24% | 1 | 4 |
| geolocation | 19% | 2 | 2 |
| Overall | 20% | 9 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-11 02:49:54 UTC |
| Last Seen | 2026-06-26 06:20:01 UTC |
| Profile Built | 2026-06-26 06:23:31 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |