62.220.236.203
IP Intelligence Briefing: 62.220.236.203
Date: 2026-06-18
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Registered to fi-pyhanet-1-mnt (Finnish network) under RIPE.
- Geolocation: Pyhäsalmi, Finland (North Ostrobothnia).
- Network Role: Multi-service host (HTTP/SSH).
- Services:
- HTTP/80: Nginx 1.19.6 (banner: `nginx/1.19.6`).
- SSH/22: Dropbear SSH server (banner: `SSH-2.0-dropbear`).
- Threat Indicators:
- Listed on 6 DNSBLs (abuse confidence score: 1).
- No active malware campaigns or known attacker associations.
---
**2. Observation History**
- Latest Risk Signal (June 18): Minimal operator score (0.2174) with DNSSEC and CAA validation.
- Consistency: No significant changes in risk or network behavior over the past 30 days.
- Subnet Analysis:
- 62.220.236.203/24 subnet has abuse density 1 (mostly clean, but inherited risk 2).
- No neighboring IPs found (neighbors tool returned 0 active hosts).
---
**3. Relationships**
- Linked to FI-PYHANET-20030520 network (same provider/organization).
- No connections to known malicious entities, campaigns, or certificates.
---
**4. Network Context**
- BGP Prefix: `62.220.232.0/21` (owned by fi-pyhanet-1-mnt).
- Routing Stability: Route stability score: 0.2174 (minimal).
- DNSSEC: Validated.
- DNSBL Status: Listed on 6/8 DNSBLs (e.g., Spamhaus, Project Honey Pot).
---
**5. Recommendations**
- Monitor SSH Traffic: Analyze Dropbear SSH logs for brute-force attempts or unauthorized access.
- Check DNSBL Compliance: Verify if the IP is falsely listed or requires mitigation.
- Network Segmentation: Ensure isolation of this host from critical assets, given its multi-service role.
- Geolocation Verification: Confirm if traffic from Finland is expected or indicative of spoofing.
Conclusion: This IP is a high-risk host with no direct malicious activity but is flagged by DNSBLs. Further investigation into DNSBL listings and network segmentation is advised.
Tools Used: `ipdebrief_profile`, `ipdebrief_history`, `ipdebrief_relationships`, `ipdebrief_neighbors`.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | fi-pyhanet-1-mnt |
| ASN | AS57359 |
| Network Name | โ |
| CIDR Block | 62.220.232.0/21 |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Multi-Service Host |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | nginx/1.19.6 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-dropbear ??-?{??p??Z????curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 32% | 2 | 3 |
| services | 28% | 2 | 4 |
| ownership | 26% | 3 | 4 |
| reputation | 21% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 27% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:31 UTC |
| Last Seen | 2026-06-26 18:11:30 UTC |
| Profile Built | 2026-06-24 18:23:49 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 27 |
Full dossier details are available via our API.