14.103.118.248
IP Intelligence Dossier
Your IP: 216.73.216.123
๐ค Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## IP Intelligence Briefing: 14.103.118.248/32
Classification: Moderate Risk | Jurisdiction: China (CN) | ASN: 137718
Executive Summary
The IP 14.103.118.248 is an infrastructure endpoint within the VOLCANO-ENGINE network (AS137718) originating from APNIC RIR region. Current risk assessment scores a 50 (Moderate Risk) with a subnet abuse density of 0.5714, classifying the /24 block as high_abuse. The address shows no active service exposure (firewalled/no services) and demonstrates stable ownership characteristics with no persistent malicious campaign correlation.
Ownership & Network Context
- Organization: IRT-VOLCANO-ENGINE-CN (Beijing Volcano Engine Technology Co., Ltd.)
- ASN: 137718 | Registry: APNIC | Allocation: 2010-08-10
- BGP Prefix: 14.103.112.0/20 (Route stability: unstable; 0 route changes in 30 days)
- Country: China (CN) | Geo Confidence: 0.52 | Location: ~35.86°N, 104.2°E
Threat Indicators & Reputation
- Risk Score: 50 (Moderate)
- Threat Indicators: None detected
- Blacklist Status: 0 blacklists (DNSBL: 1 of 8 lists checked)
- Abuse Confidence: Not applicable (no active threat indicators)
- Known Campaigns: None correlated
- Tor/Proxy/VPN: Not identified
Network Behavior & Service Exposure
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- DNS Resolution: No forward resolution; no PTR hostnames
- TLS/HTTP: No TLS certificate; no HTTP title/banner
- Email Reputation: No email authentication records (SPF/DMARC not configured)
Neighborhood Analysis (/24 Subnet)
- Subnet: 14.103.118.248/24
- Abuse Density: 0.5714 (High abuse classification)
- Total Siblings: 28 | Active Siblings: 24 | Threat Siblings: 16
- Risk Distribution: 0 High / 26 Medium / 1 Low
- Sample High-Risk Neighbors: 14.103.118.113, 14.103.118.114, 14.103.118.120, 14.103.118.140, 14.103.118.153 (all Risk: 50)
Historical Observations
- Observation Count: 18 signals
- Timeline: Most recent activity 2026-06-22
- Key Historical Events:
- 2026-06-17: Listed on multiple blacklists (high severity)
- 2026-06-17: ASN 137718 ownership confirmed (VOLCANO-ENGINE)
- 2026-06-17: Geographic location inferred as China (CN)
- Threat Persistence: 0 days (not persistently malicious)
- Ownership Stability: Stable (0 ownership changes)
Relationships Graph
- Primary Association: 26 relationships identified
- Network Relationships: All mapped to VOLCANO-ENGINE network entities
Recommended Actions
- Monitoring: Continue passive monitoring; subnet shows elevated abuse density (0.5714)
- Traffic Analysis: No open ports; if inbound traffic observed, investigate for potential data exfiltration or command-and-control
- Correlation: Cross-reference with 15 additional threat siblings in /24 subnet for lateral threat mapping
- Blocking: Not currently recommended (Moderate Risk, no active threat indicators)
- Alerting: Set threshold alerts for outbound traffic patterns given neighborhood abuse context
---
Data Source: IPDebrief Intelligence Platform | Analysis Date: 2026-06-22
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-VOLCANO-ENGINE-CN |
| ASN | AS4811 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | APNIC |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
No certificate
Issued by โ
N/A
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 21% | 10 | 15 |
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:41 UTC |
| Last Seen | 2026-06-22 18:52:56 UTC |
| Profile Built | 2026-06-22 14:36:48 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 21 |
๐ 18 signal types ยท 21 observations collected
This report is generated from 18+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
โน๏ธ About This Report
All data shown is publicly available network metadata โ IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.