167.89.11.11
## INTELLIGENCE BRIEFING: 167.89.11.11/32
Classification: LEGITIMATE INFRASTRUCTURE | Risk Level: LOW
Date: 2026-06-22
Reporting Platform: IPDebrief Intelligence Analysis
---
EXECUTIVE SUMMARY
IP address 167.89.11.11 is associated with SendGrid, Inc. (ASN 11377), a legitimate email service provider. The IP exhibits standard email infrastructure characteristics with no malicious indicators. No firewall blocking or threat mitigation actions are currently recommended.
---
OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| Organization | SendGrid, Inc. |
| ASN | 11377 |
| RIR | ARIN |
| Network Block | 167.89.0.0/18 |
| Country | United States |
| Service Classification | Firewalled / No Services |
The IP resolves to DNS hostname o1274.shared.klaviyomail.com with confirmed forward resolution. Email authentication records (SPF, DMARC) are properly configured.
---
RISK ASSESSMENT
| Metric | Value | Status |
|---|---|---|
| Overall Risk Score | 0 | Low Risk |
| Provider Score | 0 | N/A |
| Authority Score | 0 | N/A |
| Stability Score | 0 | N/A |
| Abuse Confidence | N/A | N/A |
| Blacklist Count | 0 | Clean |
| Known Campaigns | None | N/A |
Threat indicators are absent. No associations with known attacker infrastructure, spam sources, or Tor exit nodes.
---
NETWORK BEHAVIOR
| Indicator | Finding |
|---|---|
| Open Ports | None |
| TLS Certificate | None |
| HTTP Title | None |
| Server Banner | None |
| HSTS/CSP | Not configured |
| HTTP/2 | Not detected |
Network role classification indicates firewalled infrastructure with no publicly accessible services.
---
NEIGHBORHOOD ANALYSIS
| Metric | Value |
|---|---|
| Subnet | 167.89.11.11/24 |
| Abuse Density | 0 |
| Classification | Mostly Clean |
| Risk Distribution | No high-risk neighbors |
| Active Threat Siblings | 0 |
The /24 subnet shows minimal abuse density, consistent with legitimate SendGrid infrastructure deployment.
---
OBSERVATION HISTORY
Historical signal analysis (20 observations) demonstrates consistent low-risk behavior:
- Recent DNSSEC validation signals (confidence 0.30-0.60)
- US geolocation consistently reported (confidence 0.35)
- No threat persistence indicators detected
- Threat observation count: 1 (historical)
- Average ownership stability maintained
Behavioral analysis shows no enumeration strikes, honeypot hits, or WAF violations.
---
RELATIONSHIP GRAPH
35 relationships identified:
- DNS associations: o1274.shared.klaviyomail.com
- Network associations: SENDGRID-167-89-0-0-17
- Control plane routing through Comcast and Lumen transit networks
All relationships align with expected email service provider infrastructure patterns.
---
RECOMMENDED ACTIONS
Risk Score: 0
Action Status: No immediate mitigation required
Given the low-risk classification and legitimate SendGrid infrastructure association:
- No firewall blocking recommended
- No WAF rules required
- No threat intelligence alerts necessary
- Standard email traffic should be permitted
Note: These recommendations are probabilistic and should be combined with other contextual signals before taking action.
---
INTELLIGENCE CONCLUSION
IP 167.89.11.11 represents legitimate SendGrid email delivery infrastructure with no malicious indicators. The IP's security posture, DNS configuration, and neighborhood analysis all support benign operational status. SOC teams should classify this IP as trusted infrastructure and permit associated traffic. No further monitoring or investigation is warranted absent contradictory evidence.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | SendGrid, Inc. |
| ASN | AS11377 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | o1274.shared.klaviyomail.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | o1274.shared.klaviyomail.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 20% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:03:52 UTC |
| Last Seen | 2026-06-22 20:13:22 UTC |
| Profile Built | 2026-06-22 20:20:21 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |
Full dossier details are available via our API.