213.136.89.197

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 213.136.89.197

## Executive Summary

The IP address 213.136.89.197 is classified as Moderate Risk (Score: 40) and operates as a cloud infrastructure endpoint hosted on Contabo. The IP shows minimal malicious activity but is associated with a virtual machine instance on a cloud hosting provider network.

## Infrastructure Profile

Provider: Contabo (ASN 51167)
Organization: Johannes Selg
Geolocation: Germany (DE), Grand Est region, Lauterbourg
Infrastructure Type: CloudCompute
Network Role: Cloud hosting provider environment

## Technical Details

Hostname: vmi3096088.contaboserver.net
DNS Resolution: Forward confirmed with single PTR record
Service Status: No open ports detected; HTTP 2.0 with 404 response
DNS Security: No SPF or DMARC records configured on associated domain
DNSBL Presence: Listed on 2 of 8 total blacklist entries
Route Stability: Not route stable; BGP prefix 213.136.88.0/23

## Threat Assessment

The IP demonstrates low threat persistence with only one threat observation recorded. No active campaigns, known attacker signatures, or Tor exit node activity detected. The "Basic" operator score (0.2609) indicates limited routing intelligence available for this endpoint.

## Historical Observation

Total Observations: 22 signals recorded
Recent Activity: Cloud infrastructure classification confirmed in June 2026
Reputation Trend: Consistent classification as cloud hosting infrastructure with stable provider association

## Neighborhood Analysis

Subnet: 213.136.89.0/24
Abuse Density: Low (0)
Neighbor Risk Distribution: No high-risk neighbors detected
Classification: Mostly clean subnet with minimal inherited risk (Score: 2)

## SOC Recommendations

1. Monitoring: Implement passive traffic monitoring for this IP; no immediate blocking required

2. Allow Rules: If legitimate traffic is observed, permit with rate limiting due to cloud hosting nature

3. Threat Hunting: Monitor for abuse patterns from this Contabo infrastructure; check for correlated activity with related VMI hostnames

4. Block Decision: No block recommendation at this time; risk score (40) falls below typical threshold for proactive blocking

5. Alerting: Configure alerts for port scans or unusual outbound connections from this IP

## Actionable Intelligence

This IP represents standard cloud infrastructure usage with moderate risk scoring primarily due to blacklist presence and lack of DNS security records. The endpoint shows no indicators of active exploitation or malicious campaigns. Continued monitoring recommended without immediate remediation actions.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	BY
City	Nuremberg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3096088.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3096088.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	20%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	40%	2	3
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-24 18:40:52 UTC
Last Seen	2026-06-29 00:30:05 UTC
Profile Built	2026-06-29 06:32:02 UTC
Data Freshness	Live
Signal Types	23
Total Observations	25

🔍 23 signal types · 25 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

213.136.89.197📋 Copy