THREAT INTELLIGENCE BRIEFING
Target: 65.20.184.80/32
Classification: High Risk (Score: 80)
Date: 2026-06-22
Classification: Web Server Infrastructure
---
EXECUTIVE SUMMARY
IP 65.20.184.80 is classified as High Risk with a risk score of 80. The address operates as a web server in the United Arab Emirates (AE) within the 65.20.184.0/24 subnet. While the immediate neighborhood shows no abuse density, the IP maintains elevated risk indicators including multiple DNSBL listings and persistent network relationships to a telecom infrastructure provider.
---
INFRASTRUCTURE PROFILE
- IP Address: 65.20.184.80
- ASN: 203214 (HulumTele - Hulum Almustakbal Company for Communication Engineering and Services Ltd, IQ)
- Organization: ae-earthlink-dmcc-1-mnt
- Geolocation: UAE (AE), Babil Governorate, Al Hillah
- Geolocation Accuracy: ±200km radius
- Service Type: Web Server (lighttpd/1.4.39)
- Network Role: Provider infrastructure
---
NETWORK SERVICES
- Port 80/TCP: HTTP (open)
- Port 443/TCP: HTTPS (open)
- Port 22/TCP: SSH (dropbear_2016.74)
- DNS: No reverse DNS resolution; no forward DNS records
- TLS: No certificate detected
- HTTP Title: Not available
---
THREAT INDICATORS
- Risk Score: 80 (High Risk)
- DNSBL Listings: 4 of 8 total blacklists
- Threat Indicators: No active threat indicators detected
- Known Campaigns: None identified
- Abuse Confidence Score: Not available
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
---
CONTROL PLANE ANALYSIS
- BGP Origin: 65.20.128.0/17
- Origin ASN: 203214
- Route Stability: Unstable
- RPKI State: Not available
- Route Changes (30d): 0
- IR Consistency: Not available
---
HISTORY & OBSERVATIONS (18 Total)
- Latest Observation: 2026-06-22T12:59:58Z - Connection failure (confidence: 0.30)
- ASN Assignment: 65.20.128.0/17 → HulumTele (2026-06-18)
- Geolocation Consistency: UAE (AE) across all observations
- Operator Score: 0.1304 (Minimal)
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Threat Observation Count: 0
---
NEIGHBORHOOD ANALYSIS
- Subnet: 65.20.184.80/24
- Abuse Density: 0 (Clean)
- Total Siblings: 1 active sibling
- Threat Siblings: 0
- Inherited Risk: 0
- Classification: Clean
---
RELATIONSHIP GRAPH
- Total Relationships: 37
- Network Relationships: 32+ identical "Same Network" relationships to AE-EARTHLINK-DMCC-20010129
- Correlated IPs: 0
- Certificate Matches: 0
- Banner Matches: 0
---
RECOMMENDED ACTIONS
Based on the risk profile and DNSBL listings, the following actions are recommended:
1. Monitoring: Continue monitoring for outbound connections from this IP to internal assets
2. Block Consideration: Evaluate blocking on port 22 (SSH) given the outdated dropbear version (2016.74)
3. Geolocation Awareness: Source location (UAE) may warrant additional scrutiny for incoming connections
4. DNSBL Review: Investigate the 4 DNSBL listings to determine if they require remediation
---
ANALYST NOTES
The IP shows elevated risk scoring but maintains a clean neighborhood profile with zero abuse density. The primary risk factors appear to be DNSBL listings and route instability rather than active malicious behavior. The infrastructure appears to be part of a telecom provider network with multiple related endpoints. Recommend continued monitoring but no immediate blocking action unless specific threat activity is observed.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ae-earthlink-dmcc-1-mnt |
| ASN | AS203214 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-dropbear_2016.74 (key exchange algorithms, truncated: curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2) |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 25% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 21% | 2 | 2 |
| Overall | 24% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:32 UTC |
| Last Seen | 2026-06-26 18:11:31 UTC |
| Profile Built | 2026-06-25 14:44:58 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |