# IP Intelligence Briefing: 185.202.223.106/32
Classification: Cloud Computing Infrastructure (Low Risk)
Report Date: 2026-06-19
Risk Score: 25 / 100 (Low Risk)
## Executive Summary
IP address 185.202.223.106 is a Contabo cloud hosting VPS located in Germany. The IP exhibits low-risk characteristics with no active threat indicators. While the subnet shows moderate abuse density (0.5), this specific address maintains a clean profile.
## Technical Profile
Network Identity:
- ASN: 51167 (Contabo)
- Organization: Johannes Selg
- CIDR Block: 185.202.223.0/24
- Infrastructure Type: CloudCompute, Hosting
Geolocation:
- Country: Germany (DE)
- Region: Grand Est
- City: Lauterbourg
- Coordinates: 51.17°N, 10.45°E
DNS Resolution:
- PTR Record: vmi2895726.contaboserver.net
- Forward Resolution: vmi2895726.contaboserver.net
- Forward Confirmed: Yes
Open Services:
| Port | Protocol | Service |
|---|---|---|
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 22 | TCP | SSH |
TLS Certificate:
- Issuer: CN=TRAEFIK DEFAULT CERT
- Subject: CN=TRAEFIK DEFAULT CERT
- Status: Self-signed certificate detected
## Threat Assessment
Threat Indicators: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 lists
Network Role Classification:
- Cloud Infrastructure: Yes
- CDN: No
- VPN/Proxy: No
- Tor Network: No
- Mobile/Residential: No
## Neighborhood Analysis (185.202.223.0/24)
- Abuse Density: 0.5 (50%)
- Classification: Mostly Clean
- Active Siblings: 2
- Threat Siblings: 1
- Neighbor IP: 185.202.223.202 (Risk Score: 25, Authority Score: 60)
The subnet exhibits moderate abuse density but the target IP maintains a low-risk profile with a risk score of 25.
## Observation History
Total Observations: 23 signals recorded
Recent Activity:
- 2026-06-19T05:54:51: HTTP response (Status 503 - Service Unavailable), HTTP/2 enabled, SSL/TLS in use
- 2026-06-14T14:03:44: Subnet classification "mostly_clean" with abuse density 0.5
- 2026-06-14T14:00:40: Provider identification: Contabo
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
## Relationship Graph
Total Relationships: 62
- Same Network associations
- DNS Associations: vmi2895726.contaboserver.net
## Security Recommendations
Current Risk Score: 25 (Low Risk)
Assessment: No immediate blocking action recommended. The IP represents standard cloud hosting infrastructure.
Monitoring Considerations:
1. The SSH service on port 22 should be monitored for unauthorized access attempts
2. Self-signed TLS certificate may indicate less rigorous security practices
3. Occasional HTTP 503 responses suggest service instability; verify if expected
Firewall Rules: Not applicable based on current risk profile
## Conclusion
IP 185.202.223.106 represents a legitimate Contabo cloud VPS with no active malicious indicators. The low risk score, lack of blacklist presence, and clean threat profile indicate this is not a threat actor infrastructure. Standard monitoring is appropriate; no immediate defensive action required.
---
*Intelligence compiled via IPDebrief API*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | 185.202.223.0/24 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | vmi2895726.contaboserver.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | vmi2895726.contaboserver.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| SANs | 0789c8ddcbba53885f74723e027be4f6.4801a0c223da818a7817aa4da49b7168.traefik.default |
| Valid From | 2026-06-25T00:02:53+00:00 |
| Valid Until | 2027-06-25T00:02:53+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 00A4CD84153551FFB829EFABE1E49F4583 |
| Thumbprint | 81AE8F69F58FCDC964A242F5A3A16B798BEA27C4 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 32% | 2 | 3 |
| ownership | 35% | 3 | 5 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 30% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-09 17:41:19 UTC |
| Last Seen | 2026-06-27 16:06:26 UTC |
| Profile Built | 2026-06-28 10:12:45 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 33 |