## IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 5.189.145.42/32
Classification: Moderate Risk (Score: 40)
Report Date: 2026-06-19
---
Executive Summary
Target IP 5.189.145.42 is a cloud-hosted web server registered to Contabo (ASN 51167) in Nuremberg, Germany. The IP exhibits moderate risk characteristics with a risk score of 40, primarily driven by hosting infrastructure classification and DNS blacklist associations. No persistent malicious behavior detected in observation history.
---
Ownership & Infrastructure
- Organization: Johannes Selg / Contabo
- ASN: 51167 (RIPE Registry)
- CIDR Block: 5.189.144.0/20
- Infrastructure Type: CloudCompute / Hosting
- Registration Age: 5,847 days (approx. 16 years)
- RPKI Status: Valid
- DNSSEC: Valid
---
Geolocation
- Country: Germany (DE)
- City: Nuremberg (BY)
- Coordinates: 51.17°N, 10.45°E
- Geo Confidence: Plausible (400 km accuracy radius)
- RTT: 111-113ms average from probe locations
---
Network Services & Fingerprinting
- Open Ports: 22/SSH, 80/HTTP, 443/HTTPS
- SSH Version: OpenSSH 8.9p1 Ubuntu-3ubuntu0.15
- Web Server: Apache (HTTP/2 enabled)
- TLS Certificate: Let's Encrypt (R12), issued for abdiha.com.ng
- DNS Resolution: vmi1556368.contaboserver.net (forward confirmed)
---
Threat Indicators
- DNSBL Listings: 2 of 8 total blacklists
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not elevated
- Campaign Correlation: None identified
- Threat Persistence: 0 days observed
---
Neighborhood Analysis (5.189.145.0/24)
- Abuse Density: 1 (mostly clean)
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
- Classification: Mostly clean subnet with minimal abuse activity
---
Relationship Graph
- Network Associations: 46 relationships identified
- Primary Network: CONTABO (multiple associations)
- DNS Hostname: vmi1556368.contaboserver.net
- No elevated correlation with malicious campaigns
---
Recommendation & Actions
Risk Assessment: Moderate (40/100): probable false positive or low-impact hosting service.
Recommended Actions:
- Firewall: Implement a blocking rule if additional correlation with threat activity exists
- Monitoring: Track for escalation in threat indicators
- Context: Infrastructure is standard VPS hosting with no persistent malicious signals
Suggested Rules:
```bash
# iptables: drop all inbound traffic from the IP on the INPUT chain
iptables -A INPUT -s 5.189.145.42 -j DROP
# nftables: equivalent rule (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 5.189.145.42 drop
```
Cloudflare WAF custom rule (not a shell command; shown as the dashboard's action and expression fields):
```text
action: block
expression: ip.src eq 5.189.145.42
```
---
Intelligence Narrative
IP 5.189.145.42 represents a standard Contabo VPS instance hosting web services (abdiha.com.ng). The moderate risk score derives from hosting infrastructure classification and DNSBL associations rather than active threat behavior. Observation history shows consistent web server characteristics without escalation in threat indicators. The subnet exhibits minimal abuse density, and no persistent malicious activity was detected across 27 observations. SOC analysts should treat this IP as low priority unless it is correlated with additional threat intelligence indicating abuse.
Classification: LOW THREAT: standard hosting infrastructure with a moderate risk score due to blacklist associations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | not reported |
| CIDR Block | 5.189.144.0/20 |
| RIR | RIPE |
| Country | not reported |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | vmi1556368.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi1556368.contaboserver.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | none |
| 443 | https | tcp | none |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | none |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
CN=abdiha.com.ng was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | abdiha.com.ng |
| Valid From | 2025-10-13T20:02:11+00:00 |
| Valid Until | 2026-01-11T20:02:10+00:00 (expired) |
| TLS Protocol | Tls13 (TLS 1.3) |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 054B17E5B81536721B8689EC556321F1095A |
| Thumbprint | 0909CB3603A8F0F165F81FAA2D9B5CF1098327D7 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 27% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-12 21:55:32 UTC |
| Last Seen | 2026-06-27 22:10:31 UTC |
| Profile Built | 2026-06-28 16:15:31 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 31 |