139.180.163.29

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 139.180.163.29/32

Classification: Moderate Risk Cloud Infrastructure Asset

Date: [Current Date]

Risk Score: 65/100

---

## Executive Summary

IP address 139.180.163.29 is a Vultr cloud computing VPS hosted in Sydney, Australia, operating as a web server with moderate risk profile (65/100). The system is associated with the domain icare-catalogue.com and vps1708.tmdvps.com. While the /24 subnet demonstrates clean abuse characteristics, the IP is listed on three DNS blacklist entries with high severity ratings, warranting monitoring for potential spam or abuse activity.

---

## Infrastructure Profile

Ownership & Provider:

ASN: 20473 (IRT-CHOOPALLC-AP)
Provider: Vultr (Cloud Compute)
Network Type: Cloud Infrastructure / Hosting
CIDR Block: 139.180.160.0/20
Routing Status: BGP stable, route changes: 0 in last 30 days
RPKI: State not validated

Geolocation:

Country: Australia (AU)
City/Region: Sydney, NSW
Accuracy: ±2000km (RDAP registration source)
Geographic Plausibility: Flagged as implausible by validation checks

DNS Infrastructure:

PTR Hostname: vps1708.tmdvps.com
Primary Domain: icare-catalogue.com
SPF Record: v=spf1 +a +mx +ip4:139.180.163.29 ~all (configured)
DMARC Record: Not present
DNSBL Listings: 3 of 8 total lists (high severity)

---

## Service Exposure

Open Ports:

Port	Protocol	Service	Status
80	TCP	HTTP	Open
443	TCP	HTTPS	Open
22	TCP	SSH	Open (OpenSSH 7.4)

TLS/SSL Certificate:

Issuer: Let's Encrypt (R12)
Subject: *.icare-catalogue.com
SANs: *.icare-catalogue.com, icare-catalogue.com
Status: Valid, non-self-signed
HSTS: Not enabled
CSP: Not configured

HTTP Fingerprint:

Server: Apache
HTTP/2: Enabled
Status Code: 500 (error state observed)

---

## Threat Indicators

Observed Threat Activity:

Abuse Confidence Score: Not provided
Known Attacker: No
Tor Exit Node: No
Spam Source: No
Known Campaigns: None identified

Blacklist Status:

DNSBL Listed: 3 entries
Total DNSBL: 8 lists
Maximum Severity: High

Campaign Correlation:

Likelihood: None
Cert Matches: 0
Correlated IPs: 0

---

## Historical Observations

Signal History: 27 observations recorded

Recent DNS Activity: SPF record pointing to 139.180.163.29 for icare-catalogue.com (2026-06-26)
Provider Identification: Vultr cloud infrastructure consistently identified
Geolocation: Australia (AU) with variable confidence scores
Threat Persistence: No persistent malicious behavior detected
Ownership Stability: No ownership changes recorded

---

## Network Neighborhood Analysis

Subnet: 139.180.163.0/24

Abuse Density: 0 (mostly clean)
Risk Classification: Mostly clean
Active Siblings: 1
Threat Siblings: 1
Inherited Risk: 2/100

Relationship Graph:

DNS Associations: Multiple associations to vps1708.tmdvps.com
Network Peers: AUS_VULTR_CUST network
Total Relationships: 81 entities (primarily DNS and network associations)

---

## Recommended Actions

Immediate Actions:

1. Monitor DNSBL Listings: Investigate the 3 DNSBL entries with high severity ratings

2. Verify Legitimate Use: Confirm icare-catalogue.com is a legitimate service

3. SSH Access Review: Evaluate necessity of port 22 access from external networks

4. DMARC Implementation: Deploy DMARC record for icare-catalogue.com to enhance email authentication

Firewall/Filtering Rules:

Block if the 3 DNSBL listings are confirmed malicious
Monitor traffic patterns for anomalies
Allow if legitimate business use is verified

Long-term Mitigation:

Implement DMARC policy for associated domains
Consider disabling SSH from external networks if not required
Monitor for any changes in DNSBL status

---

## Risk Assessment

Overall Risk: MODERATE

Key Risk Factors:

Listed on multiple DNSBLs with high severity
Error state (HTTP 500) observed on HTTPS endpoint
No DMARC record configured
Geographic validation flagged as implausible

Mitigating Factors:

Clean subnet abuse density
No known malicious campaigns or attacker attribution
Standard cloud infrastructure configuration
Let's Encrypt TLS certificate indicates active maintenance

Recommendation: Monitor closely for DNSBL status changes and verify legitimate business use of the icare-catalogue.com domain. Consider temporary filtering if DNSBL listings confirm malicious activity.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇦🇺 Australia
Region	NSW
City	Sydney
Timezone	—
Latitude	-33.90
Longitude	151.19

🏢 Ownership & Registration

Organization	IRT-CHOOPALLC-AP
ASN	AS20473
Network Name	—
CIDR Block	139.180.160.0/20
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vps1708.tmdvps.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vps1708.tmdvps.com`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	1/2 domains
DMARC	0/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_7.4
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_7.4

🔐 TLS Certificate

🔒

CN=*.icare-catalogue.com

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

SANs	*.icare-catalogue.comicare-catalogue.com
Valid From	2026-05-23T20:37:48+00:00
Valid Until	2026-08-21T20:37:47+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	05CD5CCD17BB40187A09AA622873D9212711
Thumbprint	A71A97CD730A03844303A4F388AD0A8FEFF24F7A

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	17%	2	3
services	26%	2	3
ownership	22%	3	4
reputation	28%	1	3
geolocation	23%	2	2
Overall	24%	12	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 23:18:04 UTC
Last Seen	2026-06-27 14:13:49 UTC
Profile Built	2026-06-28 08:19:39 UTC
Data Freshness	Live
Signal Types	25
Total Observations	31

🔍 25 signal types · 31 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

139.180.163.29📋 Copy