IP ADDRESS THREAT INTELLIGENCE BRIEFING
Target: 89.117.61.157/32
Classification: LOW RISK / HOSTING INFRASTRUCTURE
Date: 2026-06-14
---
EXECUTIVE SUMMARY
IP address 89.117.61.157 operates as a cloud hosting service provided by Contabo (ASN: 51167) with an overall risk score of 15 (Low Risk). The endpoint hosts a web server with HTTPS termination but presents minimal active threat indicators. The IP maintains a stable reputation profile with 24 historical observations recorded over the analysis period.
TECHNICAL PROFILE
Infrastructure:
- Provider: Contabo (CloudCompute infrastructure)
- ASN: 51167 (LRTC-MNT)
- BGP Prefix: 89.117.48.0/20
- Network Classification: Cloud Hosting / Web Server
- RIR Registration: RIPE
Service Configuration:
- Server Software: nginx/1.24.0 (Ubuntu)
- Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS)
- TLS Certificate: Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
- Certificate Subject: ads.stasbelo.com
- Response Status: 404 (Not Found)
- HTTP Version: 1.1 (No HTTP/2)
- Time to First Byte: 402ms
Geolocation Data:
- Reported Country: Lithuania (LT)
- Coordinates: 56°N, 24°E
- Region: Grand Est (data inconsistency detected)
- Geographic validation flagged as implausible
THREAT INDICATORS
Active Threats: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- Pulsedive Risk: Not applicable
- Associated Campaigns: None
DNS/Reputation:
- DNSBL Listed: 1 of 8 monitoring lists
- DNSSEC: Valid
- Operator Score: 0.4348 (Basic)
HISTORICAL OBSERVATION ANALYSIS
Analysis of 24 observations from 2026-06-14 reveals consistent infrastructure characteristics:
Temporal Indicators:
- Ownership changes: None (0 events)
- Threat persistence days: 0
- Persistently malicious: No
- Threat observation count: 1
Domain Activity:
- Primary domain: stasbelo.com
- SPF Record: Configured (v=spf1 include:spf.efwd.registrar-servers.com ~all)
- DMARC Record: Not configured
- TXT Record Count: 1
- Domain age/registration: Not available
Infrastructure Consistency:
- Cloud provider classification consistent across observations
- ASN fluctuations noted (AS834 ipxo llc referenced in historical signals)
- HTTP fingerprinting stable (nginx/1.24.0)
NETWORK RELATIONSHIPS
Connected Entities: 52 relationships identified
- Primary classification: Same Network (47+ instances)
- Network designation: LRTC_INETNUM_RENT
- No certificate-based correlations detected
- No correlated campaign IPs identified
Subnet Analysis (89.117.61.157/24):
- Abuse Density: 1 (Low)
- Subnet Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Inherited Risk Score: 2
SECURITY RECOMMENDATIONS
For SOC Analysts:
1. Monitor, Do Not Block: Current risk profile (15/100) warrants monitoring rather than blocking
2. Verify Domain Legitimacy: The stasbelo.com domain requires verification due to DMARC misconfiguration
3. Geolocation Discrepancy: Investigate coordinate/country mismatch (LT vs Grand Est region)
4. DNSBL Monitoring: Track continued DNSBL listing status (1/8 lists)
Firewall Rules (if required):
- Allow TCP/80, TCP/443 with rate limiting
- Monitor for unusual traffic patterns given cloud hosting nature
- No immediate blocking recommended based on risk profile
CONCLUSION
IP 89.117.61.157 represents a low-risk cloud hosting endpoint with no active malicious indicators. The primary concerns relate to operational hygiene (missing DMARC, geolocation inconsistencies) rather than active threats. Recommended actions include continued monitoring and verification of associated domain infrastructure.
---
*Intel prepared by IPDebrief Intelligence Analysis Team*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | LRTC-MNT |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vmi3133273.contaboserver.net |
| Forward Confirmed | Yes, FCrDNS verified |
| Forward Hostnames | vmi3133273.contaboserver.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | 1/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
TLS Certificate
| SANs | ads.stasbelo.com |
| Valid From | 2026-05-26T11:15:05+00:00 |
| Valid Until | 2026-08-24T11:15:04+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0571E6944946D7E5D0CA0770FC13F1C2FF8D |
| Thumbprint | EFF60935EECCE3CDEC69C470A84E3A8218C9BA65 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 15% | 2 | 2 |
| services | 28% | 2 | 4 |
| ownership | 17% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 21% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | High (85%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-10 16:14:52 UTC |
| Last Seen | 2026-06-27 18:12:03 UTC |
| Profile Built | 2026-06-28 12:16:03 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 30 |