103.113.101.67📋 Copy

IP Intelligence Briefing: 103.113.101.67

Date: 2026-06-12

---

**1. Profile Summary**

• Risk Score: 55/100 (Moderate Risk)
• Ownership: Registered to WayLink Pvt Limited (ASN 137561) in Punjab, Pakistan.
• Geolocation: Rawalpindi, Punjab, Pakistan (33.61°N, 73.03°E).
• Network Role: Firewalled / No Services (no open ports or TLS certificates detected).
• Threat Indicators: No direct malicious activity detected (no indicators in threat feeds, DNSBLs, or campaigns).

---

**2. Observation History**

• Key Signals:

- DNSSEC validation confirmed for `67.101.113.103.in-addr.arpa`.

- SPF record exists for `waylink.pk` but no DMARC configuration.

- Listed in 3/8 DNSBLs (moderate confidence).

- Subnet (`103.113.101.0/24`) has abuse density 0%.

• Trends: No significant changes in risk or activity over time.

---

**3. Relationships**

• Network: Linked to WAYLINK-PK (same ASN and subnet).
• DNS: Associated with `103.113.101.67.waylink.pk`.
• No Known Campaigns or Certificates: No correlation with malware, phishing, or C2 domains.

---

**4. Subnet Neighbors**

• Subnet: `103.113.101.0/24` (256 IPs).
• High-Risk Neighbors:

- `103.113.101.70` (Risk Score: 70).

- `103.113.101.76` (Risk Score: 40).

• Abuse Density: 0% (no malicious activity detected in subnet).

---

**5. Recommended Actions**

• Block/monitor: Implement firewall rules to block traffic from this IP (see below).
• Enhance Logging: Review logs for unusual activity due to moderate risk score.
• DNS Monitoring: Ensure DMARC is configured for `waylink.pk` to mitigate spoofing risks.

---

**6. Firewall Rules**

```bash

iptables: iptables -A INPUT -s 103.113.101.67 -j DROP

nftables: nft add rule inet filter input ip saddr 103.113.101.67 drop

Nginx: deny 103.113.101.67;

Cloudflare WAF: {"action": "block", "expression": "ip.src eq 103.113.101.67"}

AWS WAF: {"Addresses": ["103.113.101.67/32"], "Description": "IPDebrief risk 55"}

```

---

Conclusion:

The IP is associated with a Pakistani company and shows no direct malicious activity. However, its subnet contains higher-risk neighbors, and it is listed in DNSBLs. SOC teams should monitor traffic from this IP and consider blocking it to mitigate potential risks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.