161.97.77.7

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 161.97.77.7/32

Date: June 16, 2026

Classification: Low Risk

Analyst: IPDebrief Intelligence Team

---

## Executive Summary

IP address 161.97.77.7 is a low-risk cloud infrastructure host operating on the CONTABO network. The system presents standard web server characteristics with no active threat indicators. Risk assessment scores 30 out of 100, indicating minimal immediate concern. No actionable firewall rules or security recommendations are generated at this time.

---

## Infrastructure Profile

Ownership & Registration

ASN: 51167
Organization: Johannes Selg / CONTABO
CIDR Block: 161.97.64.0/18
RIR: ARIN

Geolocation

Country: Germany (DE)
City: Nuremberg
Coordinates: 51.17°N, 10.45°E
Timezone: Europe/Berlin

Network Classification

Infrastructure Type: Cloud Compute
Provider: Contabo
Cloud Hosted: Yes
Connection Type: Web Server

---

## Network Services & Fingerprint

Open Ports

Port	Protocol	Service
22	tcp	SSH
80	tcp	HTTP
443	tcp	HTTPS
8080	tcp	HTTP-ALT

Server Fingerprints

Web Server: nginx/1.24.0 (Ubuntu)
SSH Version: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
HTTP Version: HTTP/2.0
TLS Protocol: TLS 1.3 (AES_256_GCM_SHA384)

DNS Resolution

PTR Record: vmi2701266.contaboserver.net
Domain: contaboserver.net
Forward Resolution: Confirmed

TLS Certificate

Issuer: E8, O=Let's Encrypt, C=US
Subject: aeotool.ai
Validation: Valid certificate (non-self-signed)

---

## Threat Intelligence Assessment

Risk Indicators

Overall Risk Score: 30/100 (Low)
Abuse Confidence: Not applicable
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Blacklist Count: 0

Control Plane Signals

DNSBL Listed: 1 of 8 total lists
BGP Prefix: 161.97.76.0/23
Route Stability: Not stable
Operator Score: 0.2609 (Basic)

Threat Campaigns: None correlated

Cert Matches: 0

Correlated IPs: 0

---

## Historical Activity Analysis

Observation Count: 19 signals

Latest Activity: June 16, 2026

Observed Behavior

HTTP/2 enabled with TLS 1.3 encryption
Server banner confirms nginx/1.24.0 on Ubuntu
SSH access available via OpenSSH 9.6p1
HTTP/2 traffic observed
HTTP response time: 1570ms average
No persistent malicious activity detected (threat observation count: 1)
No ownership changes recorded

Security Headers & Configuration

HSTS: Not configured
CSP: Not configured
Referrer Policy: Not configured
X-Frame-Options: Not configured
Content-Type Options: Not configured
Permissions Policy: Not configured

Robots.txt Analysis

Administrative paths are explicitly blocked:

/admin/, /api/, /storage/, /vendor/, /.env, /config/
Permitted paths: /blog/, /images/, /css/, /js/

---

## Relationship Graph

DNS Associations

vmi2701266.contaboserver.net (multiple entries)

Network Associations

CONTABO network (multiple entries)

Total Relationships: 14 entries

---

## Neighborhood Analysis

Subnet: 161.97.77.7/24

Abuse Density: 0 (Low)
Classification: Mostly Clean
Inherited Risk: 2
Total Siblings: 1
Active Siblings: 0
Threat Siblings: 1

Neighbor Risk Distribution

High Risk: 0
Medium Risk: 0
Low Risk: 0

---

## Security Recommendations

Current Status: No actionable security actions recommended

The IP presents standard low-risk cloud hosting characteristics:

Legitimate cloud provider (CONTABO)
Standard web server configuration
No active threat indicators
No blacklist entries
Standard TLS implementation

Monitoring Considerations

Monitor for changes in risk score above 50
Track for new threat indicator associations
Watch for certificate renewal patterns
Monitor for subnet abuse density changes

---

## Conclusions

IP 161.97.77.7 operates as a standard Contabo cloud host with minimal threat indicators. The infrastructure demonstrates typical web hosting characteristics with proper TLS encryption and standard security configurations. No immediate defensive actions are required. Continued monitoring is recommended for any changes in risk posture or threat association patterns.

Classification: Low Risk - Passive Monitoring

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Grand Est
City	Lauterbourg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	CONTABO
CIDR Block	161.97.64.0/18
RIR	ARIN
Country	DE
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi2701266.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi2701266.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
8080	http-alt	tcp	—
Closed Ports	25, 3389, 8443 (4 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=aeotool.ai

Issued by CN=E8, O=Let's Encrypt, C=US

Self-signed: No

SANs	aeotool.aiwww.aeotool.ai
Valid From	2026-05-09T08:34:38+00:00
Valid Until	2026-08-07T08:34:37+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	0514E0206F67A5944A890AD643E256ABAA34
Thumbprint	2507077766B6D6675C91278D9F35D1DD58B6E18C

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	32%	2	3
routing	13%	1	1
services	32%	2	3
ownership	30%	2	3
reputation	28%	1	3
geolocation	13%	1	1
Overall	25%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Fresh

First Seen	2026-06-06 07:26:53 UTC
Last Seen	2026-06-26 18:10:43 UTC
Profile Built	2026-06-25 11:15:49 UTC
Data Freshness	Fresh
Signal Types	22
Total Observations	23

🔍 22 signal types · 23 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

161.97.77.7📋 Copy