IP Intelligence Briefing: 157.173.113.227
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: Contabo (Cloud Hosting)
- Ownership: Registered to Johannes Selg (AS 51167).
- Geolocation: Lauterbourg, Grand Est, France (DE).
- Network Role: CloudCompute instance (no open ports, no services detected).
---
**2. Threat Observations**
- Recent Activity (2026-06-10):
  - Listed in 8 threat feeds (1 high-severity, 5 medium, 2 low).
  - Associated with UK-based source (alienvault-otx) showing 7 pulse alerts (e.g., "malware," "exploit kits").
  - No confirmed malicious campaigns or DNS-based threats.
- Historical Context:
  - No persistent malicious behavior detected.
  - Subnet (157.173.112.0/20) shows no abuse density.
---
**3. Relationships & Network**
- DNS Associations:
  - Resolves to vmi2147999.contaboserver.net (Contabo-hosted VM).
- Subnet: 157.173.112.0/20 (no active/abusive neighbors).
- Hosting Provider: Contabo (cloud infrastructure).
---
**4. Recommended Actions**
- Firewall Blocking:
  - Use the provided rules to block traffic from this IP (e.g., `iptables -A INPUT -s 157.173.113.227 -j DROP`).
- Monitoring:
  - Track for sudden changes in threat feed listings or DNS behavior.
  - Verify if the Contabo VM is linked to other IPs in the 157.173.112.0/20 subnet.
---
**5. Summary**
The IP is a Contabo-hosted cloud instance with no confirmed malicious activity. While it appears in some threat feeds, the risk score is moderate, and no persistent threats were observed. SOC teams should monitor for anomalies but may prioritize blocking it to mitigate potential low-risk exposure.
Next Steps: Cross-check with internal threat intel, validate DNS/host relationships, and ensure cloud provider compliance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | vmi2147999.contaboserver.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | vmi2147999.contaboserver.net |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 9 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

**Observation Timeline** (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-23 18:28:54 UTC |
| Last Seen | 2026-06-28 22:33:19 UTC |
| Profile Built | 2026-06-29 04:36:14 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |