IP Intelligence Briefing: 194.163.136.225
*Generated via IPDebrief Threat Intelligence Platform*
---
**Key Risk Profile**
- Risk Score: Moderate (50/100)
- Provider: Contabo (AS51167)
- Geolocation: Munich, Germany (51.17°N, 10.45°E)
- Network Role: Cloud compute instance (hosted by Contabo)
- Threat Indicators: No active malicious indicators, spam, or known attacker associations.
---
**Subnet & Neighborhood Analysis**
- Subnet: 194.163.136.0/24
- Abuse Density: 66.67% (high risk of compromised neighbors)
- Neighbors:
- 194.163.136.187: Risk score 59 (high risk)
- 194.163.136.202: Risk score 25 (medium risk)
- Inherited Risk: 5 (substantial risk from neighboring IPs).
---
**Observation History**
- Recent Activity:
- Stable ownership (no recent changes).
- No persistent malicious behavior detected.
- High abuse density in subnet suggests potential for lateral movement or compromised infrastructure.
---
**Relationships & DNS**
- DNS Associations:
- Linked to `vmi3297696.contaboserver.net` (multiple associations).
- No email authentication (SPF/DKIM) detected.
- Network Connections:
- BGP route stable but with low operator score (Basic).
- DNSSEC validated, but no CAA records.
---
**Actionable Threat Insights**
1. Monitor Subnet: The high abuse density in the subnet (194.163.136.0/24) warrants closer inspection. The neighbor at 194.163.136.187 (risk score 59) is a critical point of interest.
2. Investigate DNS Misconfigurations: Multiple DNS associations with the same hostname (`contaboserver.net`) may indicate shared hosting or misconfigured servers.
3. Check for Lateral Movement: The inherited risk score suggests potential for compromised infrastructure within the subnet.
4. Validate Cloud Hosting: Contabo-hosted instances may require additional scrutiny, especially given the subnetβs abuse density.
---
Recommendation:
- Block or monitor high-risk neighbors (e.g., 194.163.136.187) using firewall rules.
- Validate DNS configurations and ensure email authentication (SPF/DKIM) is implemented.
- Continuously monitor the subnet for unusual activity or changes in abuse density.
*Generated by IPDebrief β Threat Intelligence for SOC Analysts*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 194.163.128.0/19 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | vmi3297696.contaboserver.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | vmi3297696.contaboserver.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-27 07:17:22 UTC |
| Last Seen | 2026-06-29 03:56:08 UTC |
| Profile Built | 2026-06-29 04:03:04 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 23 |
Full dossier details are available via our API.