110.25.109.53
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 110.25.109.53
Date: 2026-06-17
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Owner: Jeff Ho (ASN 9674, APNIC)
- Geolocation: Taipei, Taiwan (23.7°N, 120.96°E)
- Network Role: Web server (ports 443/8080 open, lighttpd/1.4.30)
- DNS: PTR hostname `110-25-109-53.adsl.fetnet.net` (fetnet.net)
- Threat Indicators: No direct malicious activity detected; no known campaigns or blacklists.
---
**2. Observation History**
- Recent Activity:
- Geolocation consistent with Taipei, Taiwan (2026-06-17).
- Network latency: Avg RTT 423ms (min 288ms, max 546ms).
- Operator score: "Basic" (low trust).
- Subnet abuse density: 0.6154 (moderate risk).
- Stability: Route stability flagged as "unstable" (BGP changes).
---
**3. Network Relationships**
- Subnet: 110.25.109.53/24
- Neighbors:
- High-risk siblings: 3 IPs (80 risk score).
- Medium-risk siblings: 9 IPs (40โ55 risk score).
- Abuse Density: 25% (moderate).
- Shared Network: FEG-MPLS-NETWORK-NET (APNIC).
---
**4. Threat Context**
- No Direct Malicious Signals: No malware, phishing, or exploit indicators.
- Self-Signed TLS Certificate: Server uses self-signed cert (CN=localhost).
- DNS Security: DNSSEC valid, no CAA records.
- Subnet Risk: 3 high-risk neighbors in same /24 subnet.
---
**5. Recommendations**
- Monitor Neighbors: Investigate high-risk IPs in 110.25.109.0/24.
- Verify Server Configuration: Check lighttpd server for misconfigurations (self-signed certs, open ports).
- Geolocation Validation: Confirm if server activity aligns with legitimate operations in Taiwan.
- Network Segmentation: Consider isolating this subnet due to moderate abuse density.
---
Conclusion:
This IP is part of a network in Taiwan with mixed risk levels. While no direct malicious activity is detected, the presence of high-risk neighbors and unstable routing warrants further investigation. SOC teams should prioritize monitoring the subnet and validating server legitimacy.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Jeff Ho |
| ASN | AS9674 |
| Network Name | FEG-MPLS-NETWORK-NET |
| CIDR Block | 110.25.0.0/16 |
| RIR | APNIC |
| Country | TW |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | 110-25-109-53.adsl.fetnet.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | 110-25-109-53.adsl.fetnet.net |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.30 |
| HTTP Title | โ |
๐ TLS Certificate
A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.
CN=localhost
Issued by CN=localhost
Self-signed: Yes
| SANs | None |
| Valid From | 2023-05-25T19:42:01+00:00 |
| Valid Until | 2033-05-22T19:42:01+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 00C3EF50D494D67785 |
| Thumbprint | 5E485C45D1FFA9E8AC3A78A82683B3ADBA7002D6 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 18 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Fresh
| First Seen | 2026-05-07 23:03:30 UTC |
| Last Seen | 2026-06-26 18:10:22 UTC |
| Profile Built | 2026-06-27 00:36:52 UTC |
| Data Freshness | Fresh |
| Signal Types | 22 |
| Total Observations | 23 |
๐ 22 signal types ยท 23 observations collected
This report is generated from 22+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.