## IP Intelligence Briefing: 31.220.80.85/32
Classification: Low Risk Cloud Hosting Infrastructure
Date: 2026-06-20
Risk Score: 25/100
Executive Summary
IP 31.220.80.85 is a Contabo cloud hosting resource (ASN 51167) configured as a web server. The IP presents a low-risk profile with no active threat indicators, zero blacklist listings, and no observed malicious activity. The address is associated with the domain comidaf.com and resolves to a virtual machine identifier (vmi3278086) within the contaboserver.net infrastructure.
Network Classification
- Provider: Contabo (CloudCompute infrastructure)
- ASN: 51167 / 51167 (Johannes Selg)
- Geolocation: Germany (DE) โ reported location: Denia
- CIDR Block: 31.220.80.0/21
- Infrastructure Type: Cloud hosting with public web services
- Network Role: Web Server (HTTP/HTTPS)
Observed Services & Configuration
| Port | Protocol | Service | Status |
|---|---|---|---|
| 80 | TCP | HTTP | Open |
| 443 | TCP | HTTPS | Open |
| 22 | TCP | SSH | Open |
- TLS Configuration: TLS 1.3, Cipher: TLS_AES_256_GCM_SHA384
- Web Server: nginx/1.24.0 (Ubuntu)
- SSH Version: OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- Certificate Authority: Let's Encrypt
- Certificate Subject: comidaf.com
- DNS PTR: vmi3278086.contaboserver.net
Threat Indicators
- Blacklist Status: Clean (0 DNSBL listings)
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not applicable
- Threat Observation Count: 1
Historical Observations (23 Total Signals)
Recent observations indicate stable infrastructure characteristics:
- DNS Resolutions: comidaf.com and contaboserver.net
- HTTP Status: 400 (Bad Request) observed
- TLS Fingerprint: Consistent TLS 1.3 configuration
- Server Headers: nginx/1.24.0, Ubuntu-based
- No Significant Changes: No escalation in risk profile over monitoring period
Relationship Graph (40 Relationships)
- DNS Associations: vmi3278086.contaboserver.net (multiple entries)
- Network Affiliations: Network TT-20230217
- No Malicious Correlations: No relationships to known threat actors or campaigns
Neighborhood Analysis (31.220.80.0/24)
- Subnet Classification: Clean
- Abuse Density: 0%
- Active Siblings: 1
- Threat Siblings: 0
- High-Risk Neighbors: 0
Recommended Actions
No immediate security actions required. The IP demonstrates a clean security posture appropriate for standard cloud hosting operations. Routine monitoring is recommended to verify continued compliance with acceptable use policies.
SOC Analyst Notes
This IP represents a standard cloud computing resource with no evidence of malicious activity. The Contabo hosting environment (ASN 51167) shows no subnet-wide abuse patterns. Traffic to/from this IP should be permitted per standard web server policies. The presence of SSH port 22 is expected for cloud infrastructure management.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3278086.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3278086.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | comidaf.comwww.comidaf.com |
| Valid From | 2026-05-04T16:29:59+00:00 |
| Valid Until | 2026-08-02T16:29:58+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0585F149EE022239EA640698E279DF6A72A2 |
| Thumbprint | A9F0C6270ABFD4186654751F03FE1ADE412AA70D |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-19 21:40:08 UTC |
| Last Seen | 2026-06-28 09:59:08 UTC |
| Profile Built | 2026-06-29 04:04:11 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.