# IP Intelligence Briefing: 84.60.149.18/32
## Executive Summary
IP address 84.60.149.18 is a Vodafone Germany mobile carrier DSL endpoint in Nuremberg, Bavaria with a moderate risk score of 40. The IP represents legitimate mobile carrier infrastructure but exhibits characteristics requiring defensive monitoring due to DNSBL listings and observed threat sibling activity in the /24 subnet.
## Technical Profile
Ownership & Infrastructure:
- ASN: 3209 (Vodafone Germany IP Core Backbone)
- Organization: Vodafone GmbH
- RIR: RIPE
- Network Role: Mobile Carrier
- Connection Type: DSL
- Mobile Carrier: Vodafone (MCC 262, MNC 02, LTE/5G technology)
Geolocation:
- Country: Germany (DE)
- Region: Bavaria
- City: Nuremberg
- Coordinates: 51.17°N, 10.45°E
- Geo Confidence: 0.52 (multi-signal inference)
DNS Resolution:
- PTR Hostname: dslb-084-060-149-018.084.060.pools.vodafone-ip.de
- Forward Resolution: Confirmed (vodafone-ip.de domain)
- Email Auth: SPF configured, DMARC absent
Control Plane:
- BGP Prefix: 84.56.0.0/13
- AS Path: 34549 → 2914 → 1273 → 3209
- Route Stability: Stable (0 route changes in 30 days)
- RPKI Validation: Unknown state
- DNSBL Listings: 2 of 8 lists (notably listed)
## Threat Indicators
Risk Assessment:
- Overall Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not applicable (mobile carrier endpoint)
- Known Campaigns: None identified
- Tor Exit/Proxy: Negative
Observed Threats:
- DNSBL listed on 2 feeds
- Threat sibling detected in /24 subnet (1 of 1 active siblings)
- Inherited subnet risk score: 2
## Historical Analysis
Observation Timeline:
- Total Observations: 26 signals recorded
- Recent Activity: June 26, 2026 (within 48 hours)
- Subnet Classification History: Consistently classified as "mostly_clean" with abuse density 1
- Geolocation Consistency: Stable DE classification across observations
- Infrastructure Type: Consistently identified as Mobile Carrier DSL
## Network Relationships
DNS Associations:
- dslb-084-060-149-018.084.060.pools.vodafone-ip.de (primary hostname)
- vodafone-ip.de (domain authority)
Network Associations:
- ARCOR-DSL-NET13 (same network segment)
- /24 subnet: 84.60.149.0/24
Relationship Count: 40 total relationships (DNS and network associations)
## Neighborhood Analysis
Subnet Context (84.60.149.0/24):
- Abuse Density: 1 (low)
- Classification: mostly_clean
- Active Siblings: 1
- Threat Siblings: 1
- Risk Distribution: No high/medium risk neighbors detected
## Recommended Actions
Based on risk profile and threat indicators, the following defensive actions are recommended:
Firewall Rules:
```bash
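# iptables (shell command; appends a rule to the INPUT chain)
iptables -A INPUT -s 84.60.149.18 -j DROP
# nftables (shell command; assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 84.60.149.18 drop
# nginx (configuration directive, not a shell command; valid in http, server or location context)
deny 84.60.149.18;
# pfSense (address entry, not a shell command)
84.60.149.18/32
# Cloudflare WAF (rule action and note, not a shell command)
Block 84.60.149.18 - IPDebrief risk score 40
# AWS WAF (IP set fields, not a shell command)
Addresses: ["84.60.149.18/32"]
Description: "IPDebrief risk 40"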
```
Priority Assessment: MEDIUM
- Block recommendation due to DNSBL listings and threat sibling presence
- However, this is a legitimate mobile carrier endpoint; consider rate-limiting instead of hard blocking if business requirements permit
## SOC Analyst Notes
This IP represents a legitimate Vodafone mobile carrier DSL endpoint. The moderate risk score (40) is primarily driven by:
1. DNSBL listings (2 feeds)
2. Presence of threat sibling in the /24 subnet
3. Limited service visibility (firewalled/no services)
Recommended Investigation Path:
1. Verify if the IP is generating suspicious outbound connections from your environment
2. Check for correlation with known threat actor TTPs
3. Monitor for behavioral anomalies consistent with compromised mobile device
Context: Mobile carrier IPs may exhibit higher baseline risk due to their nature. Hard blocking may impact legitimate communications. Consider implementing connection rate limiting instead of outright blocking if this IP is being observed on your network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Vodafone Germany IP Core Backbone |
| ASN | AS3209 |
| Network Name | - |
| CIDR Block | 84.56.0.0/13 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | dslb-084-060-149-018.084.060.pools.vodafone-ip.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | dslb-084-060-149-018.084.060.pools.vodafone-ip.de |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Mobile |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 12 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-11 15:05:45 UTC |
| Last Seen | 2026-06-26 11:19:37 UTC |
| Profile Built | 2026-06-26 11:28:01 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 25 |