IP Intelligence Briefing: 110.25.109.53
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Owner: Jeff Ho (ASN 9674, APNIC)
- Geolocation: Taipei, Taiwan (23.7°N, 120.96°E)
- Network Role: Web server (ports 443/8080 open, lighttpd/1.4.30)
- DNS: PTR hostname `110-25-109-53.adsl.fetnet.net` (fetnet.net)
- Threat Indicators: No direct malicious activity detected; no known campaigns or blacklists.
---
**2. Observation History**
- Recent Activity:
- Geolocation consistent with Taipei, Taiwan (2026-06-17).
- Network latency: Avg RTT 423ms (min 288ms, max 546ms).
- Operator score: "Basic" (low trust).
- Subnet abuse density: 0.6154 (moderate risk).
- Stability: Route stability flagged as "unstable" (BGP changes).
---
**3. Network Relationships**
- Subnet: 110.25.109.53/24
- Neighbors:
- High-risk siblings: 3 IPs (80 risk score).
- Medium-risk siblings: 9 IPs (40โ55 risk score).
- Abuse Density: 25% (moderate).
- Shared Network: FEG-MPLS-NETWORK-NET (APNIC).
---
**4. Threat Context**
- No Direct Malicious Signals: No malware, phishing, or exploit indicators.
- Self-Signed TLS Certificate: Server uses self-signed cert (CN=localhost).
- DNS Security: DNSSEC valid, no CAA records.
- Subnet Risk: 3 high-risk neighbors in same /24 subnet.
---
**5. Recommendations**
- Monitor Neighbors: Investigate high-risk IPs in 110.25.109.0/24.
- Verify Server Configuration: Check lighttpd server for misconfigurations (self-signed certs, open ports).
- Geolocation Validation: Confirm if server activity aligns with legitimate operations in Taiwan.
- Network Segmentation: Consider isolating this subnet due to moderate abuse density.
---
Conclusion:
This IP is part of a network in Taiwan with mixed risk levels. While no direct malicious activity is detected, the presence of high-risk neighbors and unstable routing warrants further investigation. SOC teams should prioritize monitoring the subnet and validating server legitimacy.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Jeff Ho |
| ASN | AS9674 |
| Network Name | FEG-MPLS-NETWORK-NET |
| CIDR Block | 110.25.0.0/16 |
| RIR | APNIC |
| Country | TW |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 110-25-109-53.adsl.fetnet.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 110-25-109-53.adsl.fetnet.net |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.30 |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | 2023-05-25T19:42:01+00:00 |
| Valid Until | 2033-05-22T19:42:01+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00C3EF50D494D67785 |
| Thumbprint | 5E485C45D1FFA9E8AC3A78A82683B3ADBA7002D6 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:03:30 UTC |
| Last Seen | 2026-06-26 18:10:22 UTC |
| Profile Built | 2026-06-27 00:36:52 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
Full dossier details are available via our API.