37.208.46.130

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 37.208.46.130

*Generated from IPDebrief analysis*

---

Key Risk Indicators

Risk Score: 80 (High Risk)
Threat Observations: No direct malicious indicators (no malware, phishing, or exploit activity detected).
Network Role: Web server (ports 80/443/22 open; SSH banner indicates dropbear).
Geolocation: Astana, Kazakhstan (ASN 41798, owner: Nurbek Suleimanov).
Subnet Abuse Density: 0% (low risk in subnet, but one neighbor (37.208.46.2) has a 70 risk score).

---

Critical Findings

1. Ownership & Infrastructure:

- Registered to Nurbek Suleimanov (Kazakhstan).

- Hosts a web server with mixed TLS/SSH services.

- No active spam, attacker, or Tor exit node associations.

2. Network Relationships:

- Part of the `TTC_pool_for_Corp_customers` network (shared with other IPs).

- Neighboring IPs include 37.208.46.2 (risk score 70), suggesting potential lateral movement risk.

3. Historical Signals:

- Observed June 18, 2026, with mixed confidence in DNSSEC, CAA, and routing data.

- No persistent malicious activity detected over 30-day window.

---

Recommended Actions

Monitor SSH/dropbear service: Investigate potential vulnerabilities in the SSH implementation.
Watch subnet neighbors: 37.208.46.2 shows elevated risk; verify if part of a broader compromise.
Verify TLS certificates: The server uses a self-signed certificate with no SANs; ensure this is intentional.
Check for DNS anomalies: The IP has no DNSSEC validation or SPF/DKIM records, increasing spoofing risk.

---

Classification: High Risk (due to owner-controlled infrastructure and subnet neighbor activity).

Next Steps: Correlate with internal threat feeds, monitor for unusual traffic patterns, and assess neighbor IP behavior.

*End of Briefing*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇰🇿 KZ
Region	Astana
City	Astana
Timezone	—
Latitude	51.19
Longitude	71.45

🏢 Ownership & Registration

Organization	Nurbek Suleimanov
ASN	AS41798
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-dropbear_2017.75 \F?Rw?B?7W??sG+?curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kexgues
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	lighttpd/1.4.31
HTTP Title	—
SSH Version	SSH-2.0-dropbear_2017.75 \F?Rw?B?7W??sG+?curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-

🔐 TLS Certificate

An expired certificate for CN=Test Server Cert, OU=FOR TESTING PURPOSES ONLY, O=OpenSSL Group, C=UK was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=Test Server Cert, OU=FOR TESTING PURPOSES ONLY, O=OpenSSL Group, C=UK

Issued by CN=OpenSSL Test Intermediate CA, OU=FOR TESTING PURPOSES ONLY, O=OpenSSL Group, C=UK

Self-signed: No

SANs	None
Valid From	2011-12-08T14:01:48+00:00
Valid Until	2021-10-16T14:01:48+00:00 (expired)
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha1RSA
Validity Period	3600 days
Serial Number	00B9EED4D955A59EB3
Thumbprint	E84A8E20764EEF0EEDBE549F918CA4F6A2B3D104

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	4
routing	25%	1	1
services	28%	2	4
ownership	23%	2	3
reputation	23%	1	3
geolocation	21%	2	2
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mixed Signals (68%) — 2 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: UK, KZ
⚠ TLS certificate claims UK but primary geo says KZ

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:17 UTC
Last Seen	2026-06-24 01:22:58 UTC
Profile Built	2026-06-23 11:30:38 UTC
Data Freshness	Live
Signal Types	23
Total Observations	31

🔍 23 signal types · 31 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

37.208.46.130📋 Copy