173.212.209.89
# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 173.212.209.89/32
Classification: LOW RISK โ Cloud Infrastructure Host
Date: Current Analysis Cycle
---
## EXECUTIVE SUMMARY
IP 173.212.209.89 is classified as Low Risk (Score: 25/100) and operates within Contabo's German cloud infrastructure. The IP resolves to a VPS instance (vmi238474.contaboserver.net) in Nuremberg, DE. No active threat indicators, campaigns, or malicious behavior observed. Single DNSBL listing detected across 8 checked feeds.
---
## PROFILE ANALYSIS
Ownership & Infrastructure:
- ASN: AS51167 (Johannes Selg / Contabo GmbH)
- Organization: Johannes Selg (Contabo)
- CIDR Block: 173.212.192.0/19
- Infrastructure Type: CloudCompute (VPS Hosting)
- RIR: ARIN
Geolocation:
- Country: Germany (DE)
- Region: Bavaria (BY)
- City: Nuremberg (51.17°N, 10.45°E)
- Accuracy: 400 km radius
- Timezone: Europe/Berlin
Network Role:
- Cloud Provider: Contabo
- Hosting: Yes (VPS Instance)
- CDN/Proxy/VPN: No
- Tor Exit: No
- Mobile/Residential: No
DNS Resolution:
- PTR: vmi238474.contaboserver.net
- Forward Hostnames: vmi238474.contaboserver.net
- Forward Resolution: Confirmed (1 hostname)
- Email Authentication: SPF: No, DMARC: No
Services Status:
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Service Classification: Firewalled / No Services
---
## THREAT INTELLIGENCE
Threat Indicators:
- Abuse Confidence Score: None
- Blacklist Count: 1 (of 8 feeds checked)
- Known Campaigns: None
- Is Known Attacker: No
- Is Spam Source: No
Control Plane:
- Operator Score: 0.2609 (Basic)
- DNSSEC Valid: Yes
- Route Stability: False
- Route Changes (30d): 0
- BGP Prefix: 173.212.192.0/19
- RPKI State: Not validated
- IRR Consistency: Not checked
Reputation Signals:
- Overall Reputation: Low Risk
- Provider Score: 0
- Authority Score: 0
- Stability: Inconsistent ownership signals
---
## OBSERVATION HISTORY
Observation Count: 19 signals recorded
Recent Activity (June 15, 2026):
- Geolocation: DE (confidence: 0.52, accuracy: 400 km)
- ASN Signal: AS51167 Contabo GmbH (confidence: 0.75, reputation: 0)
- Operator Classification: Basic (confidence: 0.60, score: 0.3)
- Network Role: Cloud Compute (confidence: 0.90, confirmed: yes)
Temporal Indicators:
- Threat Persistence Days: 0
- Ownership Changes: 0
- Threat Observation Count: 0
- Persistently Malicious: No
---
## RELATIONSHIP GRAPH
Total Relationships: 36 entities linked
Key Associations:
- DNS Associations: Multiple entries pointing to vmi238474.contaboserver.net
- Network Association: Same network (CONTABO)
- Infrastructure Pattern: Single VPS instance on Contabo cloud
Relationship Types:
- DNS Association: Hostname mappings
- Network: AS51167 infrastructure grouping
---
## NEIGHBORHOOD ANALYSIS
Subnet: 173.212.209.89/24
Subnet Metrics:
- Abuse Density: 0 (clean)
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 0
- Inherited Risk: 0
- Classification: Clean
Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 0
---
## ACTIONABLE INTELLIGENCE
SOC Analyst Recommendations:
1. ALLOW TRAFFIC: IP classified as Low Risk with no active threat indicators. No firewall blocking recommended.
2. MONITOR DNSBL: Single blacklist listing detected. Review specific feed source if traffic appears anomalous.
3. INFRASTRUCTURE CONTEXT: Recognize as Contabo VPS hosting. Expected behavior for cloud infrastructure.
4. NO IMMEDIATE ACTION REQUIRED: No threat campaigns, attacker reputation, or spam activity observed.
5. BENIGN HOSTING PATTERN: VPS instance with no open services. Firewall configuration appears active.
Recommended Firewall Rules:
- No specific block rules generated (Low Risk classification)
- Standard monitoring logging recommended for baseline
---
## CONCLUSION
IP 173.212.209.89 represents standard Contabo cloud infrastructure hosting. No malicious activity, campaigns, or threat indicators observed. The single DNSBL listing warrants awareness but does not indicate active malicious behavior. Traffic from this IP should be permitted with standard monitoring.
Threat Level: LOW โ No action required
Confidence: High based on 19 observations and clean subnet profile
Risk Delta: N/A (single IP analysis)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi238474.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi238474.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-15 14:45:23 UTC |
| Last Seen | 2026-06-28 02:23:10 UTC |
| Profile Built | 2026-06-28 20:29:48 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |
Full dossier details are available via our API.