# IP Intelligence Briefing: 194.163.141.90/32
Classification: Low Risk - Standard Cloud Hosting Infrastructure
Date of Analysis: 2026-06-20
Prepared For: SOC Operations
---
## Executive Summary
IP address 194.163.141.90 is a low-risk cloud hosting endpoint operated by Contabo (ASN 51167). The IP resolves to a virtual machine (vmi1322867.contaboserver.net) in Düsseldorf, Germany. While individual risk metrics indicate minimal threat, the /24 subnet exhibits elevated abuse density, suggesting shared hosting infrastructure with multiple active virtual machines. No active malicious indicators were observed during analysis.
---
## Infrastructure Profile
Ownership & Provider:
- ASN: 51167 (Contabo)
- Organization: Johannes Selg
- RIR Registry: RIPE
- Infrastructure Type: CloudCompute / Multi-Service Host
- Cloud Provider: Yes (Contabo VPS infrastructure)
Geolocation:
- Country: Germany (DE)
- Region: Northwest (NW)
- City: Düsseldorf
- Coordinates: 51.17°N, 10.45°E
- Timezone: Europe/Berlin
- Accuracy Radius: 400 km
Network Classification:
- BGP Prefix: 194.163.128.0/18
- Origin ASN: 51167
- Connection Type: Cloud-hosted
- Anycast: No
- Mobile/Residential: No
---
## DNS & Service Analysis
DNS Records:
- PTR Hostname: vmi1322867.contaboserver.net
- Forward DNS: contaboserver.net
- Forward Resolution Confirmed: Yes
- Email Authentication (SPF/DMARC): Not configured
- TXT Record Count: 0
Open Services:
| Port | Protocol | Service | Banner Details |
|---|---|---|---|
| 80 | TCP | HTTP | Apache/2.4.41 (Ubuntu) |
| 22 | TCP | SSH | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.7 |

HTTP Fingerprint:
- HTTP Version: 1.1
- Server Header: Apache/2.4.52
- Response Time: 240ms
- HSTS/CSP: Not enabled
---
## Threat Indicators Assessment
| Indicator Type | Status | Details |
|---|---|---|
| Tor Exit Node | No | Verified |
| Known Attacker | No | No matches |
| Spam Source | No | Verified |
| Blacklist Count | 0 | Clean |
| DNSBL Listed | 1/8 | Minimal listing |
| Reputation Score | 25 | Low Risk |
| Abuse Confidence | Null | Insufficient data |

Campaign Correlation:
- Likelihood: None
- CERT Matches: 0
- Correlated IPs: 0
---
## Neighborhood Analysis (/24 Subnet)
Subnet: 194.163.141.0/24
Abuse Density: 0.6667 (High)
Classification: Mostly Clean
Total Siblings: 3
Active Siblings: 3
Threat Siblings: 2
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 2
Identified Neighbors:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 194.163.141.39 | 25 | 60 |
| 194.163.141.96 | 25 | 60 |

*Note: High abuse density suggests shared hosting environment with multiple VMs. Individual IPs maintain low risk scores despite subnet-level activity.*
---
## Control Plane & Route Stability
- Route Stable: No (0 changes in 30 days)
- RPKI State: Not validated
- IRR Consistency: Not verified
- DNSSEC: Valid
- Delegation Age: Unknown
---
## Observation History
Total Observations: 22 signals
Latest Observation: 2026-06-20 13:44:44 UTC
Key Historical Signals:
- Subnet abuse density consistently at 0.6667
- No ownership changes observed
- No threat persistence detected
- No persistent malicious activity flagged
- Cloud infrastructure classification stable
---
## Recommended Actions
Risk Score: 25 (Low)
Recommended Action: Monitor
Firewall Rules: None required at this time
Actionable Guidance:
1. No immediate blocking required; risk score below threshold for aggressive action
2. Monitor for changes in DNSBL listings or risk score escalation
3. Be aware of shared hosting environment; traffic may be associated with other VMs in /24
4. Standard logging recommended for baseline traffic analysis
---
## Conclusion
194.163.141.90 represents standard cloud hosting infrastructure with no active threat indicators. The low risk score (25) and absence of blacklist entries support continued monitoring rather than defensive action. However, the elevated abuse density within the /24 subnet warrants awareness that related IPs may exhibit higher risk profiles. No immediate security action recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR | vmi1322867.contaboserver.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | vmi1322867.contaboserver.net |

## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Apache/2.4.41 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.7 |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 26% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-21 20:59:52 UTC |
| Last Seen | 2026-06-28 15:42:10 UTC |
| Profile Built | 2026-06-29 03:45:50 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 25 |