# INTELLIGENCE BRIEFING: 161.97.78.181
## Executive Summary
IP address 161.97.78.181 presents a moderate risk profile (score: 40/100) associated with Contabo cloud infrastructure in Nuremberg, Germany. The IP hosts web services under the opeensecurity.net domain with standard email authentication controls in place. No active malicious campaigns or known attacker indicators were identified.
---
## IP Profile Details
- Address: 161.97.78.181/32
- Risk Classification: Moderate Risk (40/100)
- ASN: 51167 (Contabo)
- Organization: Johannes Selg
- Geolocation: Nuremberg, Germany (DE)
- Coordinates: 51.17°N, 10.45°E
- Timezone: Europe/Berlin
- Network Infrastructure:
  - Infrastructure Type: CloudCompute
  - Provider: Contabo
  - Connection Type: Cloud
  - Hosting: Yes
  - Anycast: No
  - Mobile/Residential: No
---
## Network Classification & Control Plane
- BGP Prefix: 161.97.78.0/23
- Route Stability: False
- Operator Score: 0.2174 (Minimal)
- DNSBL Status: Listed on 2 of 8 threat feeds
- RPKI State: Not evaluated
- DNSSEC: Valid
- CAA Records: Present
---
## DNS & Email Infrastructure
- PTR Hostname: mail.opeensecurity.net
- Forward Resolution: mail.opeensecurity.com
- Primary Domain: opeensecurity.net
- Forward Resolution Count: 1
- Email Authentication:
  - SPF: Configured
  - DMARC: Configured
  - TXT Record Count: 0
---
## Service Exposure
Open Ports:
| Port | Protocol | Service | Banner |
|---|---|---|---|
| 80 | TCP | HTTP | nginx/1.22.1 |
| 22 | TCP | SSH | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10 |
| 8080 | TCP | HTTP-alt | - |
- Server Fingerprint: nginx/1.22.1
- HTTP Version: 1.1
- Status Code: 200
- TTFB: 232 ms
---
## Threat Indicators Assessment
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Known Campaigns: None
- Campaign Likelihood: None
---
## Historical Analysis
- Total Observations: 24
- Latest Observation: 2026-06-19T13:20:53 UTC
- Recent Signal Observations:
  - HTTP fingerprint confirmed (nginx/1.22.1)
  - Geo validation plausible with 401.9 km distance from claimed location
  - Operator score: 0.25 (Minimal)
  - Certificate search: 0 certificates resolved
---
## Relationship Graph
- Total Relationships: 73
- Primary Connections: Contabo network (68+ relationships)
- Network Classification: Same Network (CONTABO)
---
## Neighborhood Analysis
- Subnet: 161.97.78.181/24
- Abuse Density: 0 (Low)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Risk Distribution: 0 High, 0 Medium, 0 Low
---
## Recommended Actions
### Immediate Actions
- Monitor: Continue monitoring for changes in threat indicators
- Allow with Logging: No immediate blocking required; IP maintains moderate risk profile
### Firewall Rules (Reference)
```bash
# Reference rules for the "allow with logging" recommendation above.
# Rules are appended (-A) to INPUT, so they only take effect if no earlier rule already matches this source.
# Allow HTTP/HTTPS (if not already filtered)
iptables -A INPUT -p tcp -s 161.97.78.181 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 161.97.78.181 --dport 443 -j ACCEPT
# Allow SSH with logging (monitor for abuse)
# LOG is a non-terminating target: the packet continues to the ACCEPT rule that follows.
iptables -A INPUT -p tcp -s 161.97.78.181 --dport 22 -j LOG --log-prefix "SSH-161.97.78.181-"
iptables -A INPUT -p tcp -s 161.97.78.181 --dport 22 -j ACCEPT
```
### WAF Considerations
- Review incoming traffic from this IP against WAF rules
- Monitor for unusual request patterns given the cloud hosting context
---
## Intelligence Assessment
This IP address operates on Contabo cloud infrastructure, a legitimate hosting provider widely used for web services and email infrastructure. The presence of SPF and DMARC records indicates that email authentication has been configured. DNSBL listings indicate the IP has been observed in some threat contexts, though current threat indicators remain negative. The moderate risk score reflects the cloud hosting environment rather than confirmed malicious activity. No immediate threat action is required; continue standard monitoring procedures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | — |
| CIDR Block | — |
| RIR | ARIN |
| Country | — |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | mail.opeensecurity.net |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | mail.opeensecurity.net |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | — |
| 22 | ssh | tcp | — |
| 8080 | http-alt | tcp | — |
| Closed Ports | 25, 443, 3389, 8443 (3 open / 7 scanned) | | |

| Field | Value |
|---|---|
| Server | nginx/1.22.1 |
| HTTP Title | — |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | — |
| Valid Until | — |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 34% | 2 | 5 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 27% | 10 | 19 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-09 11:33:38 UTC |
| Last Seen | 2026-06-27 15:21:23 UTC |
| Profile Built | 2026-06-28 09:25:44 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 32 |
Full dossier details are available via our API.