## IP INTELLIGENCE BRIEFING: 158.220.126.85/32
Classification: Cloud Compute Infrastructure (Contabo GmbH)
Risk Assessment: LOW RISK (Score: 25/100)
Report Date: 2026-06-18
Analysis Scope: Full profile, historical signals, relationship graph, and neighborhood analysis
---
EXECUTIVE SUMMARY
IP address 158.220.126.85 operates as a Contabo cloud compute infrastructure instance located in Lauterbourg, Grand Est, DE. The IP maintains a low-risk profile with a reputation score of 25. No active malicious campaigns, known attacker associations, or spam source indicators were detected. The address resolves to a single virtual machine identifier (vmi2939225.contaboserver.net) with SSH service active on port 22.
INFRASTRUCTURE PROFILE
Provider: Contabo GmbH (ASN: 51167)
Infrastructure Type: CloudCompute/Hosting
CIDR Block: 158.220.112.0/20
IP Classification: Single-Service Host
Geolocation Data:
- Primary Location: Lauterbourg, Grand Est, Germany (DE)
- Geographic Consensus: Validated (5 probe sources)
- Distance from claimed coordinates: 401.9 km
- Average RTT: 108.8 ms
NETWORK SERVICES
Open Ports:
- TCP/22 (SSH): Open, banner indicates OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- No HTTP/HTTPS services detected
DNS Resolution:
- PTR Record: vmi2939225.contaboserver.net
- Forward Resolution: Confirmed
- Hosted Domain Count: 0
THREAT INTELLIGENCE INDICATORS
Current Threat Status: NONE DETECTED
| Indicator | Status |
|---|---|
| Known Attacker | False |
| Spam Source | False |
| Tor Exit Node | False |
| Proxy/VPN | Mixed signals (see history below) |
| Blacklist Count | 0 |
| DNSBL Listed | 1 of 8 lists |
| Active Campaigns | None |
Network Abuse Context:
- Subnet (158.220.126.0/24): Mostly clean classification
- Abuse Density: 0
- Threat Siblings in /24: 1
- Overall Neighborhood Risk: Low
HISTORICAL SIGNAL ANALYSIS
Observation Window: 25 signals across multiple timeframes
Notable Historical Events:
1. 2026-06-18: Proxy/VPN detection with 85% confidence (proxycheck-io source) - flagged as VPN proxy type
2. 2026-06-17: Geographic inconsistencies detected - proxycheck-io reported France location (distance 401.9 km from claimed Germany coordinates)
3. 2026-06-13: Cloud infrastructure confirmed - is_cloud: true, is_hosting: true
Temporal Persistence:
- Ownership Changes: 0
- Threat Observation Count: 1
- Threat Persistence Days: 0
- Persistently Malicious: False
RELATIONSHIP GRAPH
Total Relationships: 44
Key Associations:
- DNS Hostname: vmi2939225.contaboserver.net (multiple associations)
- Network Segment: TT-20230331 (same network references)
- Provider: Contabo GmbH (confirmed via ASN)
SECURITY RECOMMENDATIONS
Risk-Based Action: No immediate blocking recommended due to low-risk classification.
Defensive Considerations:
- Monitor for geographic inconsistency patterns (France vs Germany claims)
- Track proxy/VPN detection signals in historical data
- Standard SSH port traffic from known cloud hosting provider
- No specific firewall rules generated - risk score below action threshold
Monitoring Thresholds:
- Risk Score Action Point: >50
- Threat Indicator Activation: Any campaign correlation
- Blacklist Threshold: 5+ lists
ANALYST NOTES
The IP represents standard cloud hosting infrastructure with no current malicious indicators. Geographic discrepancies and proxy detection signals warrant routine monitoring but do not justify immediate blocking. The IP operates within a clean subnet with minimal abuse density. Recommend standard traffic logging and periodic re-evaluation if threat indicators emerge.
---
*Data Source: IPDebrief Intelligence Platform*
*Classification: Internal Use - SOC Analysis*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | vmi2939225.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi2939225.contaboserver.net |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

Closed Ports: 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:49 UTC |
| Last Seen | 2026-06-27 00:53:16 UTC |
| Profile Built | 2026-06-27 15:05:37 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 30 |