# IP INTELLIGENCE BRIEFING: 173.249.27.189/32
Classification: Low Risk
Risk Score: 25
Report Date: 2026-06-27
## Executive Summary
IP 173.249.27.189 is classified as low risk with a risk score of 25. The address is assigned to Contabo (ASN 51167) as cloud hosting infrastructure located in Lauterbourg, Germany. No active threat indicators, campaigns, or malicious activity were detected during analysis.
## Ownership and Infrastructure
- Organization: Johannes Selg
- ASN: 51167 (Contabo)
- RIR: ARIN
- Infrastructure Type: Cloud Compute
- Connection Type: Hosted/Virtual Machine
- DNS Resolution: vmi3097878.contaboserver.net
## Geolocation Data
- Country: Germany (DE)
- Region: Grand Est
- City: Lauterbourg
- Coordinates: 51.17°N, 10.45°E
- Timezone: Europe/Berlin
- Accuracy Radius: 400km
## Threat Assessment
Threat Indicators: None detected
- Abuse Confidence Score: Not applicable
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- Known Campaigns: None
DNSBL Status: Listed on 1 of 8 total DNSBL lists
Control Plane: DNSSEC valid; BGP prefix 173.249.26.0/23
## Network Classification
- Provider: Contabo
- Infrastructure Role: Cloud hosting / Virtual machine
- Open Ports: None detected (firewalled/no services)
- Network Classification: Cloud compute infrastructure
## Subnet Neighborhood Analysis
Subnet: 173.249.27.189/24
- Abuse Density: 1 (low)
- Classification: Mostly clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
No concerning patterns observed within the /24 neighborhood.
## Observation History
Analysis of 24 historical observations indicates stable, low-risk behavior:
- Latest Observation (2026-06-27): Minimal threat classification, 0 raw score
- Previous Observation (2026-06-19): Basic classification, 0.3 operator score
- Threat Persistence: 0 days
- Status: Not persistently malicious
No significant threat escalation detected over the observation period.
## Recommended Security Actions
Action Priority: Monitor
- Risk Level: Low
- Recommended Action: No immediate blocking required. Standard network hygiene applies.
- Firewall Rules: Not generated (risk score below threshold)
## Intelligence Narrative
IP 173.249.27.189 represents Contabo cloud hosting infrastructure deployed in Germany. The address resolves to a virtual machine instance (vmi3097878.contaboserver.net) with no open services detected, indicating proper firewall hardening. Threat intelligence feeds show no malicious activity, campaign associations, or attacker signatures. The IP maintains consistent low-risk behavior across observation periods with zero threat persistence.
The subnet demonstrates minimal abuse density with only one active sibling IP. While listed on one DNSBL, this is an isolated occurrence without correlation to active threat campaigns. The IP's classification as cloud compute hosting aligns with legitimate infrastructure usage patterns for Contabo services.
Assessment: This IP presents no immediate threat to network security and may be allowed with standard network monitoring. No blocking or mitigation actions are recommended at this time.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3097878.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3097878.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 17% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 20% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-12 21:54:15 UTC |
| Last Seen | 2026-06-27 22:03:16 UTC |
| Profile Built | 2026-06-28 22:08:49 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.