173.249.0.104

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 173.249.0.104

*Generated via IPDebrief Network Intelligence*

---

1. IP Profile

Risk Score: Moderate (50/100)
Ownership: Owned by Contabo (ASN 51167), a cloud hosting provider.
Geolocation: Germany (DE), Grand Est region, Lauterbourg (latitude 51.17, longitude 10.45).
Network Role: Cloud compute instance (Nginx server, SSH, HTTP/HTTPS services).
Threat Indicators: No malicious activity detected (no blacklists, Tor, or known attacker associations).

---

2. Observed Activity

Service Configuration:

- Nginx server (1.24.0) with TLS 1.3 certificate (Let’s Encrypt, subject: `appdados.com`).

- Open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH).

- 502 Bad Gateway error detected, suggesting potential backend misconfiguration or service disruption.

DNS:

- PTR record: `vmi3018492.contaboserver.net`.

- No SPF/DMArc records, which may indicate weak email security.

TLS:

- Valid certificate with SANs (`appdados.com`, `www.appdados.com`).

---

3. Network Relationships

Linked Entities:

- Subnet: `173.249.0.0/19` (owned by Contabo).

- Hostname: `vmi3018492.contaboserver.net` (Contabo cloud instance).

Control Plane:

- BGP prefix: `173.249.0.0/23`, no route stability issues.

- DNSSEC valid, no CAA records.

---

4. Neighborhood Analysis

Subnet: `173.249.0.104/24` (clean, abuse density: 0%).
Neighbors:

- One sibling IP (`173.249.0.223`) with moderate risk score (50).

- No immediate threats in the subnet.

---

5. Recommendations

Monitor: Track the 502 Bad Gateway error and investigate backend service health.
Secure DNS: Enable SPF/DMArc for email security on `appdados.com`.
Watch Neighbor: Monitor `173.249.0.223` for potential lateral movement or shared infrastructure risks.
Firewall: Allow necessary ports (80, 443, 22) but block unused ports to minimize attack surface.

---

Conclusion: This IP represents a legitimate cloud server with no current malicious indicators. However, the 502 error and DNS configuration gaps warrant further investigation. No immediate mitigation is required, but ongoing monitoring is advised.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	BY
City	Nuremberg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	CONTABO
CIDR Block	173.249.0.0/19
RIR	ARIN
Country	DE
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3018492.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3018492.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	0/2 domains
DMARC	0/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=appdados.com

Issued by CN=E7, O=Let's Encrypt, C=US

Self-signed: No

SANs	appdados.comwww.appdados.com
Valid From	2026-05-28T13:10:27+00:00
Valid Until	2026-08-26T13:10:26+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	0684A44FFB02357A3748FB668196B4738818
Thumbprint	5BBA1BD91801583B69EB4900DF45D3CF830D582F

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	27%	2	3
ownership	27%	2	3
reputation	22%	1	3
geolocation	24%	2	3
Overall	23%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-30 00:19:41 UTC
Last Seen	2026-06-29 06:57:33 UTC
Profile Built	2026-06-29 07:03:18 UTC
Data Freshness	Live
Signal Types	25
Total Observations	26

🔍 25 signal types · 26 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

173.249.0.104📋 Copy

**1. IP Profile**

**2. Observed Activity**

**3. Network Relationships**

**4. Neighborhood Analysis**

**5. Recommendations**