Threat Intelligence Briefing: IP 103.64.148.85/32
Summary:
The IP address 103.64.148.85/32 is associated with Abuse Reporting (ASN 38220) and registered to RELENTLESSHOSTING-AU under APNIC. It exhibits low risk (risk score: 25) with no active threat indicators, malicious campaigns, or spam activity. The IP is geolocated in Australia but lacks precise city/region data.
Key Findings:
1. Network Profile:
- Services: Hosts HTTP (port 80), HTTPS (port 443), and SSH (port 22) services.
- TLS Certificate: Valid certificate issued by Let's Encrypt, covering aviationspottersonline.com and its subdomains.
- DNS: Resolves to aviationspottersonline.com, which has SPF records but no DMARC configuration.
2. Threat Observations:
- No malicious indicators, blacklists, or campaign correlations detected.
- Historical data (last 30 days) shows consistent low-risk behavior, with no significant changes in geolocation or network activity.
3. Network Relationships:
- Linked to aviationspottersonline.com via DNS.
- Shares the same ASN (38220) as other IPs in the RELENTLESSHOSTING-AU network.
4. Subnet Analysis:
- Subnet 103.64.148.0/22 has an abuse density of 0%, with no risky neighbors detected.
Recommendations:
- Monitor DNS configurations for DMARC implementation to enhance email security.
- Continuously track the IP for unexpected service changes or new threat indicators.
- Verify the legitimacy of the hosting provider (RELENTLESSHOSTING-AU) and ensure compliance with security best practices.
Conclusion:
This IP is currently benign, but its association with a hosting provider warrants ongoing monitoring. No immediate action is required, but maintaining visibility into its network behavior is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Abuse Reporting |
| ASN | AS38220 |
| Network Name | RELENTLESSHOSTING-AU |
| CIDR Block | 103.64.148.0/22 |
| RIR | APNIC |
| Country | AU |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | aviationspottersonline.com |
| Forward Confirmed | Yes, FCrDNS verified |
| Forward Hostnames | aviationspottersonline.com |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown (insufficient routing data to classify) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
TLS Certificate
| SANs | *.aviationspottersonline.com, aviationspottersonline.com |
| Valid From | 2026-04-08T00:52:48+00:00 |
| Valid Until | 2026-07-07T00:52:47+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05482784C5A4A88EDCEC825CCA12CD46BDB3 |
| Thumbprint | E2C8231A678B23CD2CC2D1D241FA9DD956BB2656 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:27 UTC |
| Last Seen | 2026-06-22 07:23:14 UTC |
| Profile Built | 2026-06-22 07:31:24 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 25 |