Witness AI
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
IP Intelligence Briefing: 5.189.178.126
Date: June 12, 2026
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: Contabo (AS51167)
- Geolocation: Lauterbourg, Grand Est, Germany (51.17°N, 10.45°E)
- Ownership: Registered to Johannes Selg, Contabo netblock (5.189.176.0/20).
- Network Role: Firewalled server, no public services detected (open ports: none).
- Threat Indicators: No malicious activity observed; no blacklists, spam, or known attacker associations.
---
**2. Observation History**
- Recent Activity (June 2026):
  - Geolocation inferred via multi-signal analysis (400m accuracy radius).
  - Subnet abuse density: 1/100 (mostly clean).
  - No persistent threats or ownership changes detected.
- Historical Context:
  - First observed in June 2026; no prior threat signals.
  - BGP route stability: unstable (route changes in last 30 days).
---
**3. Relationships & Associations**
- DNS: Linked to `vmi2485999.contaboserver.net` (hosted domain: `contaboserver.net`).
- Network: Same provider (Contabo) and subnet (`5.189.178.126/24`).
- No Known Campaigns: No correlated IPs, certificates, or malicious banners.
---
**4. Neighborhood Analysis**
- Subnet: `5.189.178.126/24`
- Neighbor Risk: No active neighbors detected; subnet abuse density low (0/100).
- Isolation: IP appears isolated in its subnet, potentially a standalone server.
---
**5. Recommendations**
- Monitor: Track DNS and BGP changes for potential reconfiguration.
- Firewall: Consider blocking outbound traffic to unknown destinations unless necessary.
- Verify: Confirm Contabo server legitimacy via hostname verification (e.g., WHOIS, DNSSEC).
- Scope: No immediate action required for this IP, but maintain visibility due to moderate risk.
---
Note: No evidence of active exploitation or malicious intent. This IP is likely a legitimate Contabo-hosted server with no current threat indicators.
Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 5.189.176.0/20 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vmi2485999.contaboserver.net |
| Forward Confirmed | Yes, FCrDNS verified |
| Forward Hostnames | vmi2485999.contaboserver.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.9 |
TLS Certificate
CN=vmi2485999.contaboserver.net
Issued by CN=YR2, O=Let's Encrypt, C=US
Self-signed: No
| SANs | vmi2485999.contaboserver.net |
| Valid From | 2026-06-06T07:06:03+00:00 |
| Valid Until | 2026-09-04T07:06:02+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 0668B215BF213762CA7B3E2CC7FE729D423B |
| Thumbprint | E36E6322053B0215744F3FB941CC08B51B0BFA21 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 10 | 17 |
Coverage: 6/6 dimensions · Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-30 10:59:30 UTC |
| Last Seen | 2026-06-21 05:34:56 UTC |
| Profile Built | 2026-06-21 05:44:54 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |
24 signal types · 26 observations collected
This report is generated from 24+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
About This Report
All data shown is publicly available network metadata; IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.