62.84.187.70

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 62.84.187.70/32

Classification: Low Risk | Date: 2026-06-14

---

## Executive Summary

IP 62.84.187.70 is a low-risk Contabo cloud compute instance with minimal threat indicators. The IP exhibits no active malicious behavior, no open ports, and no known attack associations. Network context shows moderate neighborhood activity with three neighboring IPs in the same /24 subnet sharing similar risk profiles.

---

## Technical Profile

Attribute	Value
Risk Score	25 (Low Risk)
ASN	51167 (Johannes Selg)
Provider	Contabo (CloudCompute)
Infrastructure	Virtual Machine Instance
DNS Resolution	vmi3169576.contaboserver.net
Open Ports	None (Firewalled/No Services)
Blacklist Count	0
DNSBL Listed	1/8 lists

---

## Geolocation & Network Context

Primary Location: Germany (DE) - Shrewsbury region inference

Geolocation confidence: 0.52 (multi-signal inference)
BGP Prefix: 62.84.176.0/20
Route stability: Unstable (route changes observed)

Neighborhood Analysis (62.84.187.0/24):

Abuse density: 0.5 (moderate)
Total siblings: 4
Active siblings: 2
Threat siblings: 2 (per profile)
Neighbor risk scores: All neighbors scored 25 (low risk)

---

## Historical Signals (Last 23 Observations)

Timeline Highlights:

2026-06-14 20:58:32 - Ownership/stability signal (confidence: 0.85)
2026-06-14 20:55:35 - Subnet abuse density signal (confidence: 0.40)
2026-06-14 20:53:46 - AlienVault OTX signal showing GB attribution with 4 pulse alerts (confidence: 0.75)

Notable: Geolocation data shows conflicting reports (DE vs GB), suggesting IP reputation aggregation from multiple threat intelligence feeds.

---

## Relationship Graph

47 Relationships Identified:

DNS Associations: vmi3169576.contaboserver.net
Network Associations: Multiple links to network identifier TT-20240627
No certificate or hostname associations indicating command-and-control infrastructure

---

## Threat Indicators

Indicator Type	Status
Tor Exit Node	No
Known Attacker	No
Spam Source	No
Campaign Participation	None detected
Is Persistently Malicious	No

---

## Recommended Security Actions

Current Status: No automated firewall rules generated (risk score 25 below action threshold)

Manual Considerations:

1. Monitor - Track IP for changes in threat indicators

2. Block on Demand - If security alerts correlate with this IP

3. Network Context - Consider blocking entire 62.84.187.0/24 subnet if abuse activity increases

4. DNS Monitoring - Watch for DNS resolution changes to vmi3169576.contaboserver.net

---

## Intelligence Assessment

This IP represents a legitimate cloud hosting instance (Contabo) with no active malicious indicators. The low risk score (25) and absence of open services suggest the IP is either:

Properly configured and secured
Inactive or minimally used
Part of a legitimate cloud infrastructure

Confidence Level: High - No contradictory threat signals detected

Recommended Action: Monitor; no immediate blocking required

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	ENG
City	Shrewsbury
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3169576.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3389243.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=sni-support-required-for-valid-ssl

Issued by CN=sni-support-required-for-valid-ssl

Self-signed: Yes

SANs	None
Valid From	2026-06-22T14:21:02+00:00
Valid Until	2036-06-19T14:21:02+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	2FD72BCC05C5DD495A63CBAF7293BD70C538560E
Thumbprint	F6AF67F02B102A0F0190B97610E30EBE26A36D11

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	38%	2	4
ownership	24%	2	3
reputation	31%	1	3
geolocation	33%	2	3
Overall	28%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-13 06:38:53 UTC
Last Seen	2026-06-27 22:58:54 UTC
Profile Built	2026-06-28 17:03:57 UTC
Data Freshness	Live
Signal Types	23
Total Observations	28

🔍 23 signal types · 28 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

62.84.187.70📋 Copy