185.2.101.118

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 185.2.101.118/32

## EXECUTIVE SUMMARY

IP 185.2.101.118 is a low-risk web server hosted on Contabo cloud infrastructure in Germany. Current risk assessment scores 25 (Low Risk) with no active threat indicators. The IP demonstrates standard hosting behavior with no evidence of malicious activity or association with known attack campaigns.

## PROFILE SUMMARY

Classification: Cloud Compute Web Server

Provider: Contabo (ASN: 51167)

Organization: Johannes Selg

Geolocation: Lauterbourg, Grand Est, Germany (DE)

Risk Score: 25 (Low)

Reputation: Low Risk

Network Infrastructure

Infrastructure Type: Cloud Compute (Hosted)
CIDR Block: 185.2.100.0/22
DNS Classification: contaboserver.net (VMI: vmi3246496)
Network Role: Web Server

Open Ports & Services

Port	Protocol	Service
80	TCP	HTTP
443	TCP	HTTPS
22	TCP	SSH

SSH Banner indicates OpenSSH 9.2p1 Debian-2+deb12u10. TLS certificate and HTTP title data unavailable.

## THREAT INDICATORS

Current Threat Status: CLEAN

Threat Indicators: None detected

Blacklist Status: Listed on 1 of 8 DNSBLs

Known Campaigns: None associated

Is Tor Exit: No

Is Known Attacker: No

Is Spam Source: No

Control Plane Analysis

Operator Score: 0.2609 (Basic)
DNSBL Listings: 1/8 lists
Route Stability: Unstable
BGP Prefix: 185.2.100.0/22
RPKI State: Not verified

## NEIGHBORHOOD ANALYSIS

Subnet: 185.2.101.0/24

Abuse Density: 0.6667 (Mixed)

Total Siblings: 3

Threat Siblings: 2

Neighboring IPs:

IP Address	Risk Score	Authority Score	Classification
185.2.101.67	25	60	Low Risk
185.2.101.202	25	60	Low Risk

All neighbors show consistent risk profiles with no high-risk indicators. Subnet classification: mostly_clean.

## OBSERVATION HISTORY

Total Observations: 25 signals

Observation Period: Recent (2026-06-17)

Recent Signal Activity:

DNS resolution confirmed to vmi3379782.contaboserver.net (95% confidence)
Port scanning activity detected (80, 443, 22, and others)
TLS/HTTP service scanning (connection failures observed)
Operator scoring signals (Basic classification, 3/8 signals)
Full profile scoring (6/6 dimensions covered, 25.9% confidence)

No persistent malicious behavior detected. Threat persistence: 0 days.

## RELATIONSHIP GRAPH

Total Relationships: 47

Primary Associations:

DNS Associations: vmi3246496.contaboserver.net (multiple records)
Network Association: CONTABO
Infrastructure: Shared hosting environment

No organization-level or certificate-based relationships detected. Campaign correlation: None.

## RECOMMENDED ACTIONS

Security Recommendations: None required

Firewall Rules: Not recommended for blocking

Risk Level: Acceptable for monitoring

Analysis: The IP demonstrates standard web hosting behavior with no malicious indicators. The single DNSBL listing requires investigation but does not constitute active threat. Standard logging and monitoring recommended; no blocking or rate-limiting actions advised based on current risk profile.

## ASSESSMENT

IP 185.2.101.118 represents normal cloud hosting infrastructure with no evidence of malicious activity. The Contabo hosting environment shows consistent low-risk behavior across the /24 subnet. No immediate security actions required. Continue standard monitoring practices.

---

*Intelligence generated from IPDebrief threat analysis platform. Data accuracy depends on signal availability and freshness.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Grand Est
City	Lauterbourg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3246496.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3379782.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	29%	2	4
ownership	24%	2	3
reputation	31%	1	3
geolocation	21%	2	2
Overall	24%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:01 UTC
Last Seen	2026-06-27 02:29:19 UTC
Profile Built	2026-06-27 20:36:40 UTC
Data Freshness	Live
Signal Types	23
Total Observations	28

🔍 23 signal types · 28 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

185.2.101.118📋 Copy