IP Intelligence Briefing: 103.4.251.20/32
*Last Updated: 2026-06-17*
---
**Risk Profile**
- Overall Risk: Moderate (Risk Score: 40)
- Threat Indicators: No direct malicious activity detected (no known campaigns, spam, or attacker listings).
- Network Role: Firewalled / No Services (no open ports, TLS, or HTTP services identified).
- Ownership: Registered to code200_noc (ASN 9009) under APNIC.
- Geolocation: Plausibly located in New York, NY, US (latitude 39.83, longitude -98.58).
---
**Observation History**
- Recent Activity:
  - Geolocation: 16 observations since June 2026, with RTT anomalies (19ms vs. expected 119ms for 5,968km).
  - Network Stability: BGP route instability detected (route changes in 30 days: 0, but route stability score: 0.13).
  - DNSSEC: Validated, but 2 DNSBL listings (high-risk subnets).
- Behavioral Flags: No honeypot hits, enumeration strikes, or WAF violations.
---
**Relationships**
- Network Connections:
  - Linked to LT-CODE200-20211021 (same network handle).
  - Subnet 103.4.251.0/24 has high abuse density (0.7) and 7 threat siblings.
- Organizations: No direct malicious affiliations.
---
**Neighborhood Analysis**
- Subnet: 103.4.251.0/24 (10 total IPs, 8 with risk scores ≥40).
- Risk Distribution:
  - 8 IPs with moderate risk (40).
  - 1 IP with lower risk (25).
- Abuse Density: High (0.7), indicating potential for malicious activity in the subnet.
---
**Actionable Insights**
1. Monitor Subnet: The 103.4.251.0/24 subnet has a high abuse density. Investigate traffic patterns and consider blocking or monitoring this subnet.
2. Verify Geolocation: The IP's low RTT (19ms) for its claimed location (5,968km) suggests potential spoofing or misconfigured routing.
3. DNSBL Check: The IP is listed in 2 DNSBLs, warranting further scrutiny for potential spam or malicious activity.
4. No Immediate Threat: No direct indicators of malicious activity, but the subnet's risk profile warrants cautious monitoring.
---
Recommendation: Add 103.4.251.0/24 to watchlists for ongoing threat detection. Validate geolocation anomalies and review DNSBL associations for potential spam or phishing risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | code200_noc |
| ASN | AS9009 |
| Network Name | — |
| CIDR Block | — |
| RIR | APNIC |
| Country | — |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR Record | No PTR |
| Forward Confirmed | No — PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown — Insufficient routing data to classify |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | — |
| HTTP Title | — |
**TLS Certificate**
| SANs | None |
| Valid From | — |
| Valid Until | — |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) — 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-05-07 23:03:27 UTC |
| Last Seen | 2026-06-22 07:15:53 UTC |
| Profile Built | 2026-06-22 07:25:55 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 20 |