62.84.181.20

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## THREAT INTELLIGENCE BRIEFING

IP Address: 62.84.181.20/32

Date: Current Intelligence Cycle

Classification: Low Risk / Monitoring Recommended

---

EXECUTIVE SUMMARY

Target IP 62.84.181.20 presents a LOW RISK profile (Risk Score: 30) with no active threat indicators. Infrastructure belongs to Contabo cloud provider, operating as web server infrastructure. No immediate blocking actions recommended; maintain monitoring posture.

---

INFRASTRUCTURE PROFILE

Provider: Contabo (ASN 51167)
Organization: Johannes Selg / TT-20240627
CIDR Block: 62.84.176.0/20 (RIPE RIR)
Infrastructure Type: Cloud Computing / Hosting
Network Role: Web Server
Geolocation: DE (Germany) / Shrewsbury, ENG (geolocation consensus: FALSE)

---

NETWORK SERVICES & FINGERPRINT

Open Ports:

80/TCP (HTTP)
443/TCP (HTTPS)
22/TCP (SSH - OpenSSH_9.6p1 Ubuntu)
8080/TCP (HTTP-ALT)

Server Fingerprint: nginx/1.24.0 (Ubuntu)

TLS Certificate: Let's Encrypt (*.dashivalogs.com)

PTR Hostname: vmi3298848.contaboserver.net

---

THREAT INDICATORS ASSESSMENT

Abuse Confidence Score: Not applicable (low risk)
Blacklist Status: 0 blacklists (DNSBL: 1/8 lists)
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Active Campaigns: None detected
Known Threat Feeds: Empty

---

NEIGHBORHOOD ANALYSIS

Subnet: 62.84.181.20/24

Abuse Density: 0 (Clean)

Threat Siblings: 0

Total Active Siblings: 1

Classification: Clean

---

RELATIONSHIP MAPPING

DNS Associations: vmi3298848.contaboserver.net (multiple entries)
Network References: TT-20240627 (27 relationship entries)
Related Domains: dashivalogs.com (SPF/DMARC configured)

---

OBSERVATION HISTORY (21 Signals)

Recent Activity (2026-06-16):

HTTP responses with Next.js application stack (powered_by: Next.js)
TLS/HTTPS services operational (ttfb_ms: 373)
DNS records resolved with SPF/DMARC validation
Mixed geolocation signals (DE registration, UK geolocation data)
4 pulse detections in alienvault-otx feed

---

CONTROL PLANE METRICS

Origin ASN: 51167
BGP Prefix: 62.84.176.0/20
Route Stability: False (route changes: 0)
DNSSEC: Valid
Operator Score: 0.2609 (Basic)

---

SOC ANALYST RECOMMENDATIONS

IMMEDIATE ACTIONS: None required. IP classified as low risk with no malicious indicators.

MONITORING PARAMETERS:

1. Track for DNSBL listing changes (currently 1/8 lists)

2. Monitor for new threat indicator additions

3. Observe for neighborhood abuse density changes

4. Watch for geolocation data inconsistencies

BLOCKING RULES: Not recommended at this time. Add to watchlist for anomaly correlation if suspicious traffic patterns emerge.

INVESTIGATION PRIORITY: Low

RISK LEVEL: Low Risk (Score: 30/100)

CONFIDENCE: High (based on 21 historical observations)

---

*End of Intelligence Briefing*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	ENG
City	Shrewsbury
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	TT-20240627
CIDR Block	62.84.176.0/20
RIR	RIPE
Country	DE
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3298848.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3298848.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	1/2 domains
DMARC	1/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
8080	http-alt	tcp	—
Closed Ports	25, 3389, 8443 (4 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=*.dashivalogs.com

Issued by CN=YE2, O=Let's Encrypt, C=US

Self-signed: No

SANs	*.dashivalogs.com
Valid From	2026-05-31T11:09:51+00:00
Valid Until	2026-08-29T11:09:50+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	052E50FA20EB7ED6B27DF562C55A6191FF86
Thumbprint	12F9A5E84C9EEDE60A291A8AEC8A762C18A450CD

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	35%	2	4
ownership	27%	2	3
reputation	15%	1	2
geolocation	19%	2	2
Overall	23%	10	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-31 11:15:03 UTC
Last Seen	2026-06-21 06:29:42 UTC
Profile Built	2026-06-21 06:32:14 UTC
Data Freshness	Live
Signal Types	24
Total Observations	26

🔍 24 signal types · 26 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

62.84.181.20📋 Copy