5.189.176.170

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: 5.189.176.170/32

Classification: LOW RISK / WEB HOSTING INFRASTRUCTURE

Date of Analysis: 2026-06-20

Primary Data Source: IPDebrief Intelligence Platform

---

## EXECUTIVE SUMMARY

IP 5.189.176.170 is a low-risk web server operating within the Contabo cloud computing infrastructure in Germany. The address exhibits standard hosting characteristics with Apache-based web services and SSH access. Risk assessment yields a score of 25 (Low Risk), with one DNSBL listing out of 8 total lists. The IP demonstrates stable network routing with no evidence of persistent malicious activity.

---

## OWNERSHIP & INFRASTRUCTURE

Organization: Johannes Selg

ASN: 51167 (Johannes Selg, RIPE NCC)

Provider: Contabo

Infrastructure Type: Cloud Computing

Location: Nuremberg, Germany (51.17°N, 10.45°E)

CIDR Block: 5.189.176.0/20

Registration Date: 2010-06-11 (ASN allocated)

The IP is hosted on Contabo's cloud infrastructure, indicated by the hostname vmi2890222.contaboserver.net. The BGP path demonstrates stable routing (2152 → 3356 → 51167) with route stability confirmed.

---

## NETWORK SERVICES & FINGERPRINTING

Open Ports:

Port 80/TCP: HTTP (Apache 2.4.58)
Port 443/TCP: HTTPS (OpenSSL 1.1.1w, PHP 8.2.12)
Port 22/TCP: SSH (OpenSSH 9.6p1 Ubuntu-3ubuntu13.16)

Web Server Details:

Server Banner: Apache/2.4.58 (Unix) OpenSSL/1.1.1w PHP/8.2.12
TLS Certificate: Self-signed, issued by Apache Friends Berlin
HTTP Status: 302 (Redirect) observed in recent scans
HTTP Version: 1.1

DNS Resolution:

PTR Record: vmi2890222.contaboserver.net
Forward Resolution: Confirmed
DNSSEC: Valid
No SPF/DMARC records configured

---

## THREAT ASSESSMENT

Overall Risk Score: 25 (Low Risk)

Reputation: Low Risk

Abuse Confidence Score: Not applicable

Known Attacks/Indicators: None detected

Blacklist Status: 1 of 8 DNSBLs

Tor Exit Node: No

Known Attacker: No

Spam Source: No

Threat Indicators:

No active threat indicators
No known campaigns associated
No persistent malicious behavior observed
Threat observation count: 1

---

## NEIGHBORHOOD ANALYSIS

Subnet: 5.189.176.0/24

Abuse Density: 1 (Low)

Classification: Mostly Clean

Inherited Risk: 2

Total Sibling IPs: 1

Active Siblings: 1

Threat Siblings: 1

The subnet demonstrates minimal abuse activity with a single threat sibling IP. The overall neighborhood classification supports the low-risk assessment for this address.

---

## OBSERVATION HISTORY

Total Observations: 28 signals

Recent Activity: 2026-06-20 (most recent observations)

Temporal Trends:

HTTP headers consistently show Apache 2.4.58 with PHP 8.2.12
Geolocation signals confirm German origin (DE) with 52% confidence
Operator score rated as Moderate (0.5217)
No significant changes in service fingerprinting over observation period
No ownership changes detected

Signal Types Observed:

HTTP response headers and status codes
Geolocation inference
ASN and routing validation
Operator and control plane scoring
DNS and geolocation consistency checks

---

## RECOMMENDED ACTIONS

Firewall/Routing:

Standard allow rules for ports 80, 443, and 22 (if legitimate traffic expected)
No immediate blocking required based on current risk profile

Monitoring Recommendations:

Monitor for changes in TLS certificate validity
Track DNSBL listing status
Observe for any emergence of threat indicators

Threat Hunting:

No proactive threat hunting required at this time
Review sibling IP 5.189.176.x if broader subnet investigation warranted

---

## INTELLIGENCE CONCLUSION

IP 5.189.176.170 represents standard cloud hosting infrastructure with no evidence of malicious activity. The address operates as a web server within Contabo's German data center infrastructure. Current risk profile supports continued monitoring without immediate mitigation actions. SOC teams should maintain awareness of the single DNSBL listing and track for any emergence of threat indicators.

Confidence Level: High

Next Review: Standard monitoring interval

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	BY
City	Nuremberg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	—
CIDR Block	5.189.176.0/20
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi2890222.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi2890222.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache/2.4.58 (Unix) OpenSSL/1.1.1w PHP/8.2.12 mod_perl/2.0.12 Perl/v5.34.1
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

An expired certificate for CN=localhost, O=Apache Friends, L=Berlin, S=Berlin, C=DE was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

⚠️

CN=localhost, O=Apache Friends, L=Berlin, S=Berlin, C=DE

Issued by CN=localhost, O=Apache Friends, L=Berlin, S=Berlin, C=DE

Self-signed: Yes

SANs	None
Valid From	2004-10-01T09:10:30+00:00
Valid Until	2010-09-30T09:10:30+00:00 (expired)
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	md5RSA
Validity Period	2190 days
Serial Number	00
Thumbprint	C4C9A1DC528D41AC1988F65DB62F9CA922FBE711

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	22%	2	4
routing	24%	2	3
services	26%	2	3
ownership	27%	3	4
reputation	26%	1	3
geolocation	39%	2	3
Overall	27%	12	20

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-17 03:09:17 UTC
Last Seen	2026-06-28 04:34:46 UTC
Profile Built	2026-06-28 22:38:54 UTC
Data Freshness	Live
Signal Types	29
Total Observations	33

🔍 29 signal types · 33 observations collected

This report is generated from 29+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

5.189.176.170📋 Copy