IPDEBRIEF INTELLIGENCE BRIEFING
Target: 185.187.235.179
Classification: Cloud Hosting Infrastructure (Low Risk)
Risk Score: 25/100
OVERVIEW
The IP address 185.187.235.179 operates on Contabo cloud infrastructure (ASN 40021) with a low-risk reputation score of 25. The asset is registered to organization Johannes Selg and resolves to hostname vmi1365041.contaboserver.net. Geolocation data indicates deployment in Germany (DE) with geographic validation discrepancies noted.
INFRASTRUCTURE PROFILE
Network classification identifies the IP as cloud hosting infrastructure with active web server services. Open ports include HTTP (80), HTTPS (443), and SSH (22). TLS certificates issued by Let's Encrypt cover multiple domains including tags.mgcounts.com, api.lcedit.com, api.terra.photos, and app.terra.photos. The reverse DNS resolves to vmi1365041.contaboserver.net with forward resolution confirmed. The server banner indicates nginx/1.18.0 running on Ubuntu.
THREAT ASSESSMENT
Current threat indicators show no active malicious campaigns, known attacker attribution, or spam source designation. Blacklist count registers at zero. Control plane analysis reveals 1 DNSBL listing across 8 total lists with an operator score of 0.2609. The IP is not classified as a Tor exit node, proxy, CDN, or VPN service. No evidence of persistent malicious behavior observed in historical records.
HISTORICAL OBSERVATIONS
Signal observation history contains 29 recorded events. Recent DNS activity shows associations with domains mgcounts.com, terra.photos, lcedit.com, and contaboserver.net. Listing signals detected with varying confidence levels across 8 blacklist sources. No escalation in threat posture identified over the observation period.
NETWORK RELATIONSHIPS
The IP maintains 50 relationships including DNS associations to vmi1365041.contaboserver.net and network associations to subnet TT-20221020. The /24 subnet (185.187.235.0/24) shows abuse density of 1 with classification marked as mostly_clean. One active sibling IP and one threat sibling IP identified within the subnet boundary.
RECOMMENDED ACTIONS
No immediate firewall rules or blocking actions recommended at this time. The low-risk profile combined with absence of active threat indicators supports continued monitoring rather than blocking. However, analysts should monitor the associated domains (tags.mgcounts.com, api.lcedit.com, api.terra.photos, app.terra.photos) for anomalous activity patterns.
SOC INTELLIGENCE SUMMARY
185.187.235.179 presents as a standard Contabo cloud hosting IP with legitimate web server operations. No active threat indicators support immediate remediation. Recommend inclusion in threat feed monitoring for associated domains and observation of subnet-level activity for any abuse density changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS40021 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vmi1365041.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi1365041.contaboserver.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | 0/4 domains |
| DMARC | 1/4 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 4 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.12 |
TLS Certificate
CN=tags.mgcounts.com was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | api.lcedit.com, api.terra.photos, app.terra.photos, tags.mgcounts.com |
| Valid From | 2026-02-14T04:26:11+00:00 |
| Valid Until | 2026-05-15T04:26:10+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 06D2DC7BCDD898858717AF43BE6B016283B7 |
| Thumbprint | 1AC2F1AD577D0E18106E79ADB72250E4E6AAD7EC |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 12:12:23 UTC |
| Last Seen | 2026-06-27 23:09:11 UTC |
| Profile Built | 2026-06-28 17:14:11 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |