173.249.41.141
IP Intelligence Briefing: 173.249.41.141
Date: 2026-05-31
1. Core Profile
- Risk Score: 25 (Low Risk)
- Provider: Contabo (Cloud Hosting)
- Geolocation: Germany (DE), Lauterbourg, 51.17°N, 10.45°E
- Ownership: Registered to Johannes Selg (ASN 51167)
- Network Role: CloudCompute instance (Hosting provider: Contabo)
- Threat Indicators: No malicious activity detected (no spam, phishing, or known attacker associations).
2. Observational History
- Recent Activity: 17 observations over 30 days, with minimal risk fluctuations.
- Key Signals:
- Geolocation inferred via multi-signal inference (confidence: 52%).
- Operator score: 0.13 (Minimal risk).
- DNSSEC valid, no CAA records.
- Trends: No persistent malicious behavior or network instability.
3. Relationships & Network Context
- DNS Associations: Linked to `vmi3183382.contaboserver.net` (Contabo-hosted VM).
- Subnet: 173.249.41.0/24.
- Neighbors:
- 1 high-risk neighbor (173.249.41.171, risk score: 50).
- Subnet abuse density: 1 (mostly clean).
4. Actionable Insights
- Neighbor Risk: Monitor 173.249.41.171 for potential threats.
- Network Segmentation: Isolate Contabo-hosted instances to limit lateral movement.
- DNS Monitoring: Track `vmi3183382.contaboserver.net` for anomalous DNS behavior.
- Threat Correlation: Cross-reference with known Contabo infrastructure for potential compromises.
5. Recommendations
- SOC Actions:
- Add 173.249.41.171 to watchlist for further analysis.
- Ensure DNS monitoring tools flag Contabo subdomains for suspicious activity.
- Validate geolocation consistency for this subnet.
- Firewall Rules:
- Consider blocking 173.249.41.171 if it persists as a high-risk entity.
Conclusion:
173.249.41.141 is a low-risk cloud instance with no direct malicious indicators. However, the presence of a high-risk neighbor in the same subnet warrants closer scrutiny to mitigate potential lateral threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3183382.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3339197.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 11% | 1 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-19 21:39:26 UTC |
| Last Seen | 2026-06-28 09:43:00 UTC |
| Profile Built | 2026-06-29 03:48:09 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |
Full dossier details are available via our API.