# IP INTELLIGENCE BRIEFING: 118.145.104.105
## Executive Summary
IP address 118.145.104.105 is classified as MODERATE RISK (score: 50). The address belongs to Chinese infrastructure provider IRT-VOLCANO-ENGINE-CN (ASN 137718) and shows limited threat indicators with 2 DNSBL listings out of 8 checked sources. No active malicious behavior observed; classified as "Firewalled / No Services" with no open ports.
## Ownership & Registration
| Field | Value |
|---|---|
| **Organization** | IRT-VOLCANO-ENGINE-CN |
| **Network Name** | VOLCANO-ENGINE |
| **ASN** | 137718 |
| **CIDR Block** | 118.145.64.0/18 |
| **RIR** | APNIC |
| **Geolocation** | China (CN) |
| **Accuracy** | ±2,500 km |
## Risk Assessment
- Overall Risk Score: 50/100 (Moderate)
- Threat Indicators: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0 (current state), 2 historical listings
- Abuse Confidence Score: Not applicable (insufficient data)
- Control Plane Risk: Operator score 0.1304 (Minimal)
## Network Characteristics
- Service Classification: Firewalled / No Services
- Open Ports: None detected
- DNS Resolution: Forward resolution fails; no PTR hostnames
- Hosted Domains: 0
- Email Auth: SPF/DMARC not configured
- HTTP/HTTPS: No web services detected (no TLS cert, no HTTP title)
- Mobile Carrier: None
## Neighborhood Analysis (/24 Subnet)
- Subnet: 118.145.104.0/24
- Total Siblings: 2
- Active Siblings: 0
- Threat Siblings: 0
- Abuse Density: 0 (clean)
- Risk Distribution: High: 0, Medium: 1, Low: 1
- Neighbor IPs: 118.145.104.37 (risk: 50), 118.145.104.154 (risk: 25)
## Historical Signals (14 Observations)
- Most Recent: 2026-06-22T10:46:08Z
- DNSBL Activity: Listed on 8 sources, 2 active listings with "high" severity
- Geolocation Signals: Consistently resolved to China (CN) with 0.52 confidence
- Operator Score: 0.1304 (Minimal)
- Ownership Stability: 0 ownership changes recorded
- Threat Persistence: 0 days (not persistently malicious)
## Control Plane & Routing
- Origin ASN: 137718
- BGP Prefix: 118.145.104.0/21
- Route Stability: False (0 route changes in 30 days)
- RPKI State: Not validated
- DNSSEC: Valid
- IRR Consistency: Not evaluated
## Threat Campaign Correlation
- Campaign Likelihood: Not applicable
- Certificate Matches: 0
- Banner Matches: 0
- Correlated IPs: 0
## Recommended Security Actions
Based on risk profile, the following firewall rules are recommended:
iptables:
```bash
iptables -A INPUT -s 118.145.104.105 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 118.145.104.105 drop
```
nginx:
```nginx
deny 118.145.104.105;
```
Cloudflare WAF:
```json
{
  "description": "Block 118.145.104.105 - IPDebrief risk score 50",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 118.145.104.105"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["118.145.104.105/32"],
  "Description": "IPDebrief risk 50"
}
```
## Analyst Notes
This IP represents a moderately risky address with limited observable threat activity. The moderate risk score (50) correlates with historical DNSBL listings but no current malicious indicators. The neighborhood analysis shows low abuse density (0), and only one sibling IP in the /24 carries medium risk. Given the lack of open services and the "firewalled" classification, this IP may represent infrastructure that is intentionally restricted or in decommissioning. SOC teams should evaluate contextual threat intelligence before implementing blocking rules, as the risk profile suggests opportunistic rather than active malicious activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | IRT-VOLCANO-ENGINE-CN |
| ASN | AS137718 |
| Network Name | VOLCANO-ENGINE |
| CIDR Block | 118.145.64.0/18 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 20% | 9 | 12 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:34 UTC |
| Last Seen | 2026-06-26 18:10:30 UTC |
| Profile Built | 2026-06-22 11:25:49 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 17 |