62.171.187.140
# IP Intelligence Briefing: 62.171.187.140
## Executive Summary
IP address 62.171.187.140 was analyzed and classified as Low Risk with a risk score of 25/100. The endpoint is associated with Contabo cloud hosting infrastructure in Nuremberg, Germany, operating as a virtual machine instance (vmi3030104.contaboserver.net). No active threat indicators, open services, or malicious activity were detected during the analysis period.
## Ownership and Infrastructure Profile
- ASN: 51167 (CONTABO)
- Organization: Johannes Selg
- Network: 62.171.160.0/19
- RIR: RIPE
- Provider: Contabo
- Infrastructure Type: CloudCompute/Hosting
- Geolocation: Nuremberg, Bavaria (DE), 51.17°N, 10.45°E
The IP resolved to hostname vmi3030104.contaboserver.net with forward DNS confirmation. The endpoint is registered under the CONTABO brand and operates as a cloud-based hosting service.
## Network Role and Services Analysis
Network classification identified the endpoint as a cloud-hosted virtual machine with no detected open services. The service purpose is listed as "Firewalled / No Services," indicating the endpoint is not actively exposing ports to the internet. No HTTP servers, TLS certificates, or service banners were observed during probing.
## Threat Intelligence Assessment
Threat indicators analysis yielded no positive matches:
- Known Attacker: Not identified
- Tor Exit Node: No
- Spam Source: Not identified
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 threat lists
- Known Campaigns: None correlated
The endpoint does not appear in Pulsedive threat feeds or other active threat intelligence sources. No abuse confidence scores were assigned due to lack of malicious signal activity.
## Control Plane and Routing Analysis
- BGP Prefix: 62.171.186.0/23
- Origin ASN: 51167
- Route Stability: Inconsistent (isRouteStable: false)
- RPKI State: Not validated
- IRR Consistency: Not validated
- Route Changes (30d): 0
- DNSSEC Valid: true
- Operator Score: 0.2609 (Basic classification)
The control plane data indicates stable ownership with no recent route modifications. DNSSEC validation is enabled for the associated domain.
## Neighborhood and Subnet Analysis
The /24 subnet 62.171.187.140/24 shows:
- Abuse Density: 0 (clean classification)
- Active Siblings: 1
- Threat Siblings: 0
- Inherited Risk: 0
The subnet exhibits low abuse density with no neighboring IPs flagged as threats, supporting the clean classification of the target endpoint.
## Historical Signal Observations
Analysis of 25 historical observations spanning the monitoring period revealed:
- Latest Signal: 2026-06-21T07:03:30 UTC
- Operator Label: Basic
- Signal Confidence: 0.60
- Threat Persistence: 0 days
- Ownership Changes: 0
The observation history shows consistent operator labeling without escalating threat signals. No evidence of persistent malicious activity or behavioral changes over the observation window.
## Relationship Graph Analysis
The endpoint maintains 26 relationship connections, primarily:
- Same Network Associations: Multiple links to CONTABO network infrastructure
- DNS Associations: 12 relationships to hostname vmi3030104.contaboserver.net
No direct IP-to-IP relationships or certificate associations were identified beyond the hosting infrastructure context.
## Comparative Analysis
Comparison with adjacent IP 62.171.187.141 revealed:
- Same Provider: true (Contabo)
- Same Organization: false
- Same Country: false
- Same Subnet: false
- Risk Delta: 25 (target: 25, comparison: 0)
The comparison indicates both endpoints operate under the same provider but exhibit different risk profiles and organizational associations.
## Security Recommendations
No specific firewall rules or security actions were generated due to the low-risk classification. The endpoint is classified as clean with no actionable threat indicators requiring immediate mitigation.
## Conclusion
IP 62.171.187.140 represents a standard Contabo cloud hosting endpoint with no malicious indicators. The low risk score (25), clean subnet classification, and absence of threat intelligence matches support continued monitoring without immediate blocking. SOC analysts may include this IP in allow-lists or apply permissive firewall rules while maintaining standard monitoring practices.
Report Generated: 2026-06-21
Analyst Classification: Low Risk
Action Required: None
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 62.171.160.0/19 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3030104.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3030104.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-31 23:34:40 UTC |
| Last Seen | 2026-06-21 07:02:54 UTC |
| Profile Built | 2026-06-21 07:13:24 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |
Full dossier details are available via our API.