167.86.89.166
INTELLIGENCE BRIEFING: IP 167.86.89.166
Classification: Cloud Compute Infrastructure (Low Risk)
Analysis Date: 2026-06-29
Intelligence Lead: IPDebrief Automated Analysis
---
Executive Summary
IP address 167.86.89.166 is a cloud computing infrastructure endpoint operated by CONTABO (ASN 51167) within their 167.86.80.0/20 CIDR block. The asset maintains a low-risk profile (Risk Score: 25) with no active threat indicators. Geolocation data consistently identifies the endpoint in Nuremberg, Germany. The IP is associated with VPS infrastructure and shows no evidence of malicious activity or persistent threat behavior.
---
Technical Profile
Ownership & Infrastructure:
- Organization: Johannes Selg / CONTABO
- ASN: 51167
- CIDR Block: 167.86.80.0/20
- Registration Authority: ARIN
- Infrastructure Type: CloudCompute / Hosting
Geolocation:
- Country: Germany (DE)
- Region: Bavaria (BY)
- City: Nuremberg
- Coordinates: 51.17°N, 10.45°E
- Geolocation Consensus: True (1 source)
- Accuracy Radius: 400km
DNS Resolution:
- PTR Record: vmi3201551.contaboserver.net
- Forward Resolution: vmi3201551.contaboserver.net
- HTTP Services: None detected (firewalled/no services)
- TLS Certificates: None
- Email Authentication: SPF/DMARC not configured
---
Threat Assessment
Current Risk Indicators:
- Overall Risk Score: 25 (Low Risk)
- Abuse Confidence Score: Not applicable
- Known Attacker Status: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Pulsedive Risk: N/A
- Known Campaigns: None
Control Plane Analysis:
- BGP Prefix: 167.86.88.0/23
- Route Stability: Unstable (route changes detected in past 30 days)
- DNSBL Listings: 1 of 8 total lists
- RPKI State: Not validated
- IRR Consistency: Not evaluated
---
Historical Observation Analysis
Observation Timeline: 24 signals recorded
- Most Recent: 2026-06-29 07:33:34 UTC (Geolocation inference)
- Signal Types: Geolocation (2), Neighborhood/Abuse Density (2), Ownership/Threat Persistence (1), Threat List (1)
Historical Trends:
- Consistent German geolocation attribution across all observations
- No evidence of ownership changes
- Threat persistence days: 0
- Persistently malicious classification: False
- Neighborhood classification: "mostly_clean" (abuse density: 1)
---
Relationship Graph
Total Relationships: 32
- Network Associations: Multiple CONTABO network relationships
- DNS Associations: Repeated resolution to vmi3201551.contaboserver.net
- Primary Entity: CONTABO cloud infrastructure
Key Associations:
- CONTABO network (multiple instances)
- Hostname: vmi3201551.contaboserver.net (multiple DNS associations)
---
Neighborhood Analysis
Subnet: 167.86.89.0/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Total Sibling IPs: 2
- Active Sibling IPs: 2
- Threat Sibling IPs: 2
Neighbor IP Inventory:
| IP Address | Risk Score | Classification |
|---|---|---|
| 167.86.89.78 | 25 | Low Risk |
Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 1
---
Recommended Actions
Firewall/Network Rules: No specific blocking or rate-limiting rules recommended based on current risk profile. The IP maintains a low-risk classification with no active threat indicators.
Monitoring Parameters:
- Monitor for changes in route stability (current: unstable)
- Track DNSBL listing changes (current: 1 of 8 lists)
- Observe neighborhood activity for any emergence of medium/high-risk sibling IPs
---
Conclusion
IP 167.86.89.166 represents standard CONTABO cloud hosting infrastructure with no active malicious indicators. The low-risk score (25), clean neighborhood classification, and absence of threat indicators support continued monitoring without immediate blocking. Routine security monitoring is recommended to track potential changes in threat status or route stability.
Confidence Level: High
Threat Status: Not Malicious
Recommended Action: Monitor
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 167.86.80.0/20 |
| RIR | ARIN |
| Country | DE |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vmi3201551.contaboserver.net |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | vmi3402283.contaboserver.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-30 10:58:19 UTC |
| Last Seen | 2026-06-29 07:33:49 UTC |
| Profile Built | 2026-06-29 07:48:37 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.