# IP Intelligence Briefing: 80.241.208.225
## Executive Summary
IP address 80.241.208.225 is a low-risk virtual machine instance hosted on CONTABO cloud infrastructure. The address resolves to vmi3262454.contaboserver.net and presents minimal threat indicators. A risk score of 25/100 indicates a low-risk classification with no active campaign associations.
## Technical Profile
Network Ownership: ASN 51167 (CONTABO), registered to Johannes Selg under RIR RIPE. CIDR block: 80.241.208.0/21.
Geolocation: Lauterbourg, Grand Est, Germany (DE). Coordinates: 51.17°N, 10.45°E. Geolocation validation confirmed the location as plausible with a 400 km accuracy radius. Round-trip time measurements: 108-113 ms.
Infrastructure Classification: CloudCompute hosting environment. Single-service virtual machine instance. Not identified as CDN, VPN, proxy, or Tor exit node.
DNS Resolution: Forward resolution confirms vmi3262454.contaboserver.net. PTR record matches forward lookup. No SPF or DMARC records configured for the domain.
## Service Exposure
Port 22 (SSH) is actively listening with banner: SSH-2.0-OpenSSH_8.7. No HTTP services detected. No TLS certificates in use.
## Threat Assessment
Current Risk Level: Low Risk (Score: 25)
- Abuse Confidence Score: Not applicable
- Blacklist Status: Listed on 1 of 8 DNSBL sources
- Known Campaigns: None
- Known Attacker Status: False
- Spam Source Status: False
- Tor Exit Node Status: False
DNSBL Analysis: Single listing detected across 8 total blacklist sources. No correlation to active threat campaigns.
## Network Neighborhood
Subnet analysis for 80.241.208.0/24:
- Subnet Classification: Mostly Clean
- Abuse Density: 0.5 (moderate)
- Total Siblings: 2
- Active Siblings: 1
- Threat Siblings: 1
Neighbor IP: 80.241.208.124 (Risk Score: 25, Authority Score: 60). This sibling represents a low-risk CONTABO deployment.
## Relationship Graph
Primary associations:
- CONTABO network infrastructure (multiple network-level associations)
- Hostname: vmi3262454.contaboserver.net (DNS association)
No evidence of shared infrastructure with malicious entities or campaign coordination.
## Historical Analysis
Signal observation history shows 20 recent observations with no persistent malicious behavior. Key findings:
- Ownership stability: No ownership changes detected
- Threat persistence: Not persistently malicious
- Last observation: 2026-06-16
- Geovalidation: Location claims remain plausible
Temporal analysis indicates stable ownership and no escalation in threat activity over the observation window.
## Recommended Actions
Network Defense:
- No immediate blocking recommended based on current risk profile
- Monitor port 22 SSH traffic for anomalous connection attempts
- Consider standard CONTABO infrastructure monitoring practices
Threat Monitoring:
- Track DNSBL listing status for any changes
- Monitor for new campaign correlations
- Watch subnet 80.241.208.0/24 for abuse density changes
Classification:
- Mark as Cloud Compute Infrastructure (CONTABO)
- Tag with hostname: vmi3262454.contaboserver.net
- Current classification: Low Risk / Single-Service Host
## Conclusion
IP 80.241.208.225 represents a legitimate CONTABO cloud virtual machine with minimal threat indicators. The address shows no evidence of malicious activity, campaign participation, or infrastructure sharing with known bad actors. Standard monitoring and CONTABO-specific infrastructure awareness apply. No immediate defensive actions required beyond normal operational procedures for cloud hosting providers.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 80.241.208.0/21 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | vmi3262454.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi3262454.contaboserver.net |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 24% | 2 | 2 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 27% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-06-14 14:14:25 UTC |
| Last Seen | 2026-06-21 22:12:47 UTC |
| Profile Built | 2026-06-21 22:15:06 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |