65.20.184.80📋 Copy

THREAT INTELLIGENCE BRIEFING

Target: 65.20.184.80/32

Classification: High Risk (Score: 80)

Date: 2026-06-22

Classification: Web Server Infrastructure

---

EXECUTIVE SUMMARY

IP 65.20.184.80 is classified as High Risk with a risk score of 80. The address operates as a web server in the United Arab Emirates (AE) within the 65.20.184.0/24 subnet. While the immediate neighborhood shows no abuse density, the IP maintains elevated risk indicators including multiple DNSBL listings and persistent network relationships to a telecom infrastructure provider.

---

INFRASTRUCTURE PROFILE

• IP Address: 65.20.184.80
• ASN: 203214 (HulumTele - Hulum Almustakbal Company for Communication Engineering and Services Ltd, IQ)
• Organization: ae-earthlink-dmcc-1-mnt
• Geolocation: UAE (AE), Babil Governorate, Al Hillah
• Geolocation Accuracy: ±200km radius
• Service Type: Web Server (lighttpd/1.4.39)
• Network Role: Provider infrastructure

---

NETWORK SERVICES

• Port 80/TCP: HTTP (open)
• Port 443/TCP: HTTPS (open)
• Port 22/TCP: SSH (dropbear_2016.74)
• DNS: No reverse DNS resolution; no forward DNS records
• TLS: No certificate detected
• HTTP Title: Not available

---

THREAT INDICATORS

• Risk Score: 80 (High Risk)
• DNSBL Listings: 4 of 8 total blacklists
• Threat Indicators: No active threat indicators detected
• Known Campaigns: None identified
• Abuse Confidence Score: Not available
• Known Attacker: No
• Spam Source: No
• Tor Exit Node: No

---

CONTROL PLANE ANALYSIS

• BGP Origin: 65.20.128.0/17
• Origin ASN: 203214
• Route Stability: Unstable
• RPKI State: Not available
• Route Changes (30d): 0
• IR Consistency: Not available

---

HISTORY & OBSERVATIONS (18 Total)

• Latest Observation: 2026-06-22T12:59:58Z - Connection failure (confidence: 0.30)
• ASN Assignment: 65.20.128.0/17 → HulumTele (2026-06-18)
• Geolocation Consistency: UAE (AE) across all observations
• Operator Score: 0.1304 (Minimal)
• Threat Persistence Days: 0
• Is Persistently Malicious: No
• Threat Observation Count: 0

---

NEIGHBORHOOD ANALYSIS

• Subnet: 65.20.184.80/24
• Abuse Density: 0 (Clean)
• Total Siblings: 1 active sibling
• Threat Siblings: 0
• Inherited Risk: 0
• Classification: Clean

---

RELATIONSHIP GRAPH

• Total Relationships: 37
• Network Relationships: 32+ identical "Same Network" relationships to AE-EARTHLINK-DMCC-20010129
• Correlated IPs: 0
• Certificate Matches: 0
• Banner Matches: 0

---

RECOMMENDED ACTIONS

Based on the risk profile and DNSBL listings, the following actions are recommended:

1. Monitoring: Continue monitoring for outbound connections from this IP to internal assets

2. Block Consideration: Evaluate blocking on port 22 (SSH) given the outdated dropbear version (2016.74)

3. Geolocation Awareness: Source location (UAE) may warrant additional scrutiny for incoming connections

4. DNSBL Review: Investigate the 4 DNSBL listings to determine if they require remediation

---

ANALYST NOTES

The IP shows elevated risk scoring but maintains a clean neighborhood profile with zero abuse density. The primary risk factors appear to be DNSBL listings and route instability rather than active malicious behavior. The infrastructure appears to be part of a telecom provider network with multiple related endpoints. Recommend continued monitoring but no immediate blocking action unless specific threat activity is observed.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.