14.103.233.27
# IP INTELLIGENCE BRIEFING
IP Address: 14.103.233.27/32
Analysis Date: 2026-06-22
Classification: Moderate Risk (Score: 65/100)
---
## EXECUTIVE SUMMARY
IP 14.103.233.27 presents moderate risk with a score of 65/100. The address is owned by VOLCANO-ENGINE (Beijing Volcano Engine Technology Co., Ltd., ASN 4811) and is registered under APNIC within China. The subnet shows no local abuse density, but the IP is listed on 3 of 8 DNS blacklists, indicating prior reputation issues. The address has been firewalled with no active services detected.
---
## OWNERSHIP AND NETWORK CLASSIFICATION
- Organization: VOLCANO-ENGINE (IRT-VOLCANO-ENGINE-CN)
- ASN: 4811
- CIDR Block: 14.103.0.0/16
- Geolocation: China (CN) โ consensus confirmed but with 2500km accuracy radius
- RIR: APNIC
- Registration Date: 2010-08-10
---
## THREAT INDICATORS
- Risk Score: 65/100 (Moderate Risk)
- DNSBL Listings: 3 of 8 total blacklists
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Threat Feeds: None active
- Campaign Correlation: None identified
---
## OBSERVATION HISTORY
Sixteen observations recorded over the analysis period. Key signals include:
- ASN mapping inconsistencies between CHINANET-SHANGHAI-MAN and VOLCANO-ENGINE
- Geolocation inference pointing to China with moderate confidence (0.52)
- Subnet classification consistently showing "clean" with 0 abuse density
- DNSBL listings observed with maximum severity rated as "high"
---
## NETWORK BEHAVIOR
- Services: No open ports detected; connection classified as "Firewalled / No Services"
- DNS: No PTR records, no forward resolution, no hosted domains
- HTTP/HTTPS: No TLS certificates, no HTTP title, no banner information
- Control Plane: Route stability inconsistent (isRouteStable: false), BGP prefix 14.103.232.0/21
- RPKI: State not determined
- IRRC Consistency: Not applicable
---
## RELATIONSHIP ANALYSIS
All 21 relationship entities map to the VOLCANO-ENGINE network. No external organizational or hostname relationships detected beyond the primary network association.
---
## NEIGHBORHOOD ANALYSIS
Subnet 14.103.233.27/24 shows:
- Abuse Density: 0 (clean)
- Classification: Clean
- Threat Siblings: 0
- Active Siblings: 0
- Inherited Risk: 0
No neighboring IPs flagged for abuse activity within the /24 boundary.
---
## RECOMMENDED ACTIONS
Based on the elevated risk profile (65/100), the following defensive measures are recommended:
Firewall/Access Control:
- iptables: `iptables -A INPUT -s 14.103.233.27 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 14.103.233.27 drop`
- nginx: `deny 14.103.233.27;`
Cloud/CDN:
- Cloudflare WAF: Block IP with expression `ip.src eq 14.103.233.27`
- AWS WAF: Add `14.103.233.27/32` to rule group
Monitoring:
- Increase logging verbosity for this source
- Review recent activity logs for potential false positives
- Monitor for new DNSBL listings or reputation changes
---
## RISK ASSESSMENT
The IP demonstrates moderate risk primarily due to DNSBL listings and historical reputation issues. While the current subnet shows no abuse activity, the 3/8 DNSBL listing count suggests prior malicious associations. The firewalled status with no active services reduces immediate threat exposure. Recommended action is to block or monitor closely depending on organizational policy and context of initial detection.
---
Prepared by: IPDebrief Intelligence Analysis
Status: Actionable intelligence for SOC deployment
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | IRT-VOLCANO-ENGINE-CN |
| ASN | AS4811 |
| Network Name | VOLCANO-ENGINE |
| CIDR Block | 14.103.0.0/16 |
| RIR | APNIC |
| Country | CN |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 3 |
| routing | 21% | 1 | 2 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 23% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:03:41 UTC |
| Last Seen | 2026-06-26 18:10:37 UTC |
| Profile Built | 2026-06-22 14:59:31 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 20 |
Full dossier details are available via our API.