## THREAT INTELLIGENCE BRIEFING
IP Address: 62.84.181.20/32
Date: Current Intelligence Cycle
Classification: Low Risk / Monitoring Recommended
---
EXECUTIVE SUMMARY
Target IP 62.84.181.20 presents a LOW RISK profile (Risk Score: 30) with no active threat indicators. Infrastructure belongs to Contabo cloud provider, operating as web server infrastructure. No immediate blocking actions recommended; maintain monitoring posture.
---
INFRASTRUCTURE PROFILE
- Provider: Contabo (ASN 51167)
- Organization: Johannes Selg / TT-20240627
- CIDR Block: 62.84.176.0/20 (RIPE RIR)
- Infrastructure Type: Cloud Computing / Hosting
- Network Role: Web Server
- Geolocation: DE (Germany) / Shrewsbury, ENG (geolocation consensus: FALSE)
---
NETWORK SERVICES & FINGERPRINT
Open Ports:
- 80/TCP (HTTP)
- 443/TCP (HTTPS)
- 22/TCP (SSH - OpenSSH_9.6p1 Ubuntu)
- 8080/TCP (HTTP-ALT)
Server Fingerprint: nginx/1.24.0 (Ubuntu)
TLS Certificate: Let's Encrypt (*.dashivalogs.com)
PTR Hostname: vmi3298848.contaboserver.net
---
THREAT INDICATORS ASSESSMENT
- Abuse Confidence Score: Not applicable (low risk)
- Blacklist Status: 0 blacklists (DNSBL: 1/8 lists)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Campaigns: None detected
- Known Threat Feeds: Empty
---
NEIGHBORHOOD ANALYSIS
Subnet: 62.84.181.20/24
Abuse Density: 0 (Clean)
Threat Siblings: 0
Total Active Siblings: 1
Classification: Clean
---
RELATIONSHIP MAPPING
- DNS Associations: vmi3298848.contaboserver.net (multiple entries)
- Network References: TT-20240627 (27 relationship entries)
- Related Domains: dashivalogs.com (SPF/DMARC configured)
---
OBSERVATION HISTORY (21 Signals)
Recent Activity (2026-06-16):
- HTTP responses with Next.js application stack (powered_by: Next.js)
- TLS/HTTPS services operational (ttfb_ms: 373)
- DNS records resolved with SPF/DMARC validation
- Mixed geolocation signals (DE registration, UK geolocation data)
- 4 pulse detections in alienvault-otx feed
---
CONTROL PLANE METRICS
- Origin ASN: 51167
- BGP Prefix: 62.84.176.0/20
- Route Stability: False (route changes: 0)
- DNSSEC: Valid
- Operator Score: 0.2609 (Basic)
---
SOC ANALYST RECOMMENDATIONS
IMMEDIATE ACTIONS: None required. IP classified as low risk with no malicious indicators.
MONITORING PARAMETERS:
1. Track for DNSBL listing changes (currently 1/8 lists)
2. Monitor for new threat indicator additions
3. Observe for neighborhood abuse density changes
4. Watch for geolocation data inconsistencies
BLOCKING RULES: Not recommended at this time. Add to watchlist for anomaly correlation if suspicious traffic patterns emerge.
INVESTIGATION PRIORITY: Low
RISK LEVEL: Low Risk (Score: 30/100)
CONFIDENCE: High (based on 21 historical observations)
---
*End of Intelligence Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | TT-20240627 |
| CIDR Block | 62.84.176.0/20 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3298848.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3298848.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | โ |
| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | *.dashivalogs.com |
| Valid From | 2026-05-31T11:09:51+00:00 |
| Valid Until | 2026-08-29T11:09:50+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 052E50FA20EB7ED6B27DF562C55A6191FF86 |
| Thumbprint | 12F9A5E84C9EEDE60A291A8AEC8A762C18A450CD |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 35% | 2 | 4 |
| ownership | 27% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-31 11:15:03 UTC |
| Last Seen | 2026-06-21 06:29:42 UTC |
| Profile Built | 2026-06-21 06:32:14 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |
Full dossier details are available via our API.