# IP INTELLIGENCE BRIEFING: 147.93.157.83/32
Date: 2026-06-23
IP Address: 147.93.157.83/32
Analysis Status: Complete
---
## EXECUTIVE SUMMARY
IP 147.93.157.83 presents a LOW RISK profile with a risk score of 25. The address operates as a web server infrastructure under ASN 141995 (Johannes Selg), hosting web services on ports 80 and 443. While individual risk is minimal, the /24 subnet (147.93.157.0/24) exhibits moderate abuse density (0.5) with two threat-sibling IPs identified. No active malicious campaigns or persistent threat indicators were observed.
---
## OWNERSHIP & NETWORK CLASSIFICATION
- ASN: 141995 (Johannes Selg)
- Organization: Johannes Selg (Private/Individual)
- Geolocation: Germany (DE) / Singapore (reported discrepancy detected)
- Service Type: Web Server
- Infrastructure: Not classified as CDN, Cloud, Proxy, or Tor exit node
- Control Plane: BGP prefix 147.93.156.0/22
---
## TECHNICAL PROFILE
| Component | Details |
|---|---|
| **Open Ports** | TCP/80 (HTTP), TCP/443 (HTTPS) |
| **Server Software** | Caddy |
| **DNS PTR Hostname** | vmi3212337.contaboserver.net |
| **Forward Resolution** | mail.neutize.com |
| **Email Authentication** | SPF: Yes, DMARC: Yes |
| **TLS Certificate** | Not resolved/available |
| **DNSBL Status** | Listed on 1 of 8 total lists |
---
## RISK ASSESSMENT
| Metric | Value | Assessment |
|---|---|---|
| **Risk Score** | 25 | Low Risk |
| **Abuse Confidence** | None reported | - |
| **Known Attacker** | No | - |
| **Spam Source** | No | - |
| **Tor Exit Node** | No | - |
| **Threat Persistence** | 0 days | No persistent malicious activity |
| **Campaign Correlation** | None | No known campaign associations |
---
## NEIGHBORHOOD ANALYSIS (147.93.157.0/24)
- Subnet Classification: Mostly Clean
- Abuse Density: 0.5 (Moderate)
- Total Active Siblings: 3
- Threat Siblings: 2
Neighbor Risk Distribution:
| IP Address | Risk Score | Authority Score | Threat Level |
|---|---|---|---|
| 147.93.157.83 | 25 | - | Low |
| 147.93.157.182 | 25 | 60 | Low |
| 147.93.157.194 | 40 | 60 | Medium |
| 147.93.157.252 | 0 | 50 | Low |
---
## OBSERVATION HISTORY
- Total Observations: 24 signals recorded
- Recent Activity: Signals observed as of 2026-06-22
- Geolocation Validation: Distance validation flagged (10,379.2 km discrepancy between claimed and observed coordinates)
- Threat Trend: Stable with no escalation pattern
- Ownership Stability: No ownership changes recorded
---
## RELATIONSHIP GRAPH
- Total Relationships: 51 associations
- Network Associations: Multiple links to network entity TT-20241122
- DNS Associations: vmi3212337.contaboserver.net
---
## RECOMMENDED ACTIONS
Current Risk Level: LOW
Recommended Action: MONITOR
No immediate firewall blocking is recommended based on the current risk profile. However, the following conditions warrant continued monitoring:
1. Subnet-Wide Monitoring: Two neighboring IPs in the /24 subnet show elevated risk (147.93.157.194 with score 40)
2. DNSBL Monitoring: IP is listed on 1 of 8 DNSBL lists; verify reason for listing
3. Geolocation Verification: Coordinate discrepancy (Germany vs Singapore) should be validated
4. Threat Sibling Monitoring: Monitor 147.93.157.182 and 147.93.157.194 for potential coordinated activity
---
## ANALYST NOTES
This IP address represents standard web hosting infrastructure with no immediate malicious indicators. The low risk score (25) and clean classification support continued monitoring rather than blocking. The presence of threat siblings in the same /24 subnet suggests potential for coordinated activity; recommend periodic neighborhood re-assessment. No specific firewall rules generated; standard defensive posture appropriate for this risk level.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS141995 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | vmi3212337.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | mail.neutize.com |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | | |
| Server | Caddy | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:44 UTC |
| Last Seen | 2026-06-22 16:33:52 UTC |
| Profile Built | 2026-06-22 16:40:45 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 25 |