185.15.171.77

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 185.15.171.77

Date: 2026-06-17

---

1. Risk Profile

Overall Risk: Moderate (Risk Score: 55)
Network Role: Web Server (HTTP/HTTPS/SSH services active)
Ownership: Managed by DONATO CONTE (ASN 57558, RIPE) in Italy (Basilicate).
Threat Indicators: No active malicious campaigns, spam, or known attacker associations.

---

2. Network & Geolocation

Geolocation:

- City: Tito, Basilicate, Italy

- Timezone: Europe/Rome

- Accuracy Radius: 750 km (mixed geo-source consensus).

Subnet: 185.15.171.77/24

- Abuse Density: 36% (moderate risk).

- High-Risk Neighbors: 32 IPs (e.g., 185.15.171.2, 185.15.171.4).

- Total Siblings: 89 IPs (32 active, 26 flagged as threats).

---

3. Services & TLS

Open Ports:

- 80 (HTTP), 443 (HTTPS), 22 (SSH).

- SSH Banner: Dropbear (version 2023).

TLS Certificate:

- Issued by Ubiquiti Networks Inc. (valid, not self-signed).

- SAN: `UBNT-24:5A:4C:EC:1A:C3`.

- Server: `lighttpd/1.4.54`.

---

4. Threat & DNS

DNS Associations:

- Resolves to `host077-171-015-185.retemetis.net` (no malicious domains detected).

- DNSBL Listings: 4/8 lists (moderate risk).

Threat Observations:

- No recent malicious activity (last observation: 2026-06-17).

- No Tor,VPN, or proxy indicators.

---

5. Recommendations

1. Monitor Subnet: High-risk neighbors (e.g., 185.15.171.2, 185.15.171.4) may indicate broader network compromise.

2. Verify DNSBL Listings: Investigate why 4/8 DNSBLs flag this IP (e.g., spam, phishing).

3. Secure SSH: Ensure SSH keys are rotated and restrict access to trusted IPs.

4. Check Certificate Validity: Confirm Ubiquiti certificate is revoked or updated if unexpected.

Next Steps: Cross-reference with 185.15.171.2 and 185.15.171.4 for potential lateral movement or shared infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇹 Italy
Region	Basilicate
City	Tito
Timezone	Europe/Rome
Latitude	40.58
Longitude	15.67

🏢 Ownership & Registration

Organization	DONATO CONTE
ASN	AS57558
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	host077-171-015-185.retemetis.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`host077-171-015-185.retemetis.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-dropbear T ?"Mt?Q??2??????curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexguess2@matt.ucc.asn.a
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	lighttpd/1.4.54
HTTP Title	—
SSH Version	SSH-2.0-dropbear T ?"Mt?Q??2??????curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-gro

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

E=support@ubnt.com, CN=UBNT-24:5A:4C:EC:1A:C3, OU=Technical Support, O=Ubiquiti Networks Inc., L=San Jose, S=CA, C=US

Issued by E=support@ubnt.com, CN=UBNT-24:5A:4C:EC:1A:C3, OU=Technical Support, O=Ubiquiti Networks Inc., L=San Jose, S=CA, C=US

Self-signed: Yes

SANs	UBNT-24:5A:4C:EC:1A:C3
Valid From	2019-01-01T00:00:00+00:00
Valid Until	2038-01-01T00:00:00+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	6940 days
Serial Number	178EFA10
Thumbprint	B2EF8D6BA69F08347E5A1220B21811DA54A2E03C

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	26%	2	3
ownership	27%	2	3
reputation	15%	1	2
geolocation	19%	2	2
Overall	22%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: IT, US
⚠ TLS certificate claims US but primary geo says IT

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:00 UTC
Last Seen	2026-06-23 00:36:07 UTC
Profile Built	2026-06-23 00:54:31 UTC
Data Freshness	Live
Signal Types	21
Total Observations	23

🔍 21 signal types · 23 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

185.15.171.77📋 Copy

**1. Risk Profile**

**2. Network & Geolocation**

**3. Services & TLS**

**4. Threat & DNS**

**5. Recommendations**