109.199.103.234

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 109.199.103.234/32

Classification: Cloud Infrastructure / Low Risk

Date: June 2026

Analyst: IPDebrief Intelligence Team

---

## Executive Summary

IP 109.199.103.234 is a low-risk cloud computing endpoint hosted on Contabo infrastructure in Germany. The IP operates as a firewalled virtual machine with no active services exposed. While the individual IP shows minimal threat indicators, it resides within a /24 subnet exhibiting elevated abuse density (0.75), indicating potential neighbor contamination. No immediate defensive actions are recommended based on current risk profile.

---

## Risk Assessment

Overall Risk Score: 25 (Low Risk)

Provider Risk Score: 0

Authority Score: 0

Stability Score: 0

The IP maintains a low risk profile with no active threat indicators. No known campaigns, blacklist hits, or malicious campaign associations are identified. The IP is not a Tor exit node, proxy, or VPN endpoint.

---

## Ownership and Geolocation

Attribute	Value
ASN	51167
Organization	Johannes Selg
Provider	Contabo
Country	Germany (DE)
Region	Grand Est
City	Lauterbourg
RIR	ARIN
CIDR Block	109.199.96.0/20
Geo Accuracy	400km radius

---

## Network Classification

Infrastructure Type: CloudCompute
Connection Type: Cloud-hosted
Service Purpose: Firewalled / No Services
Open Ports: None detected
DNS PTR: vmi3290643.contaboserver.net
Forward Resolution: vmi3290643.contaboserver.net
Is Cloud: Yes
Is Hosting: Yes

---

## Threat Intelligence

Threat Indicators: None

Blacklist Count: 0

Abuse Confidence Score: Not available

Pulsedive Risk: Not available

Known Campaigns: None

Is Known Attacker: No

Is Spam Source: No

Control Plane Data:

Origin ASN: 51167
BGP Prefix: 109.199.96.0/20
Route Stable: False
DNSBL Listed: 1 of 8 lists
Operator Score: 0.1304 (Minimal)
RPKI State: Not available

---

## Neighborhood Analysis

Subnet: 109.199.103.234/24

Abuse Density: 0.75 (Elevated)

Classification: mostly_clean

Inherited Risk: 7

Neighbor IP	Risk Score	Authority Score	Classification
109.199.103.220	40	60	Medium Risk
109.199.103.231	25	60	Low Risk
109.199.103.240	50	60	Medium Risk

Observation: The /24 subnet contains 4 total siblings with 3 classified as threat siblings. This elevated abuse density suggests potential peer contamination or shared infrastructure risk.

---

## Observation History

Total Observations: 19

Threat Persistence Days: 0

Ownership Changes: 0

Is Persistently Malicious: No

Recent observations indicate stable behavior with no significant changes in geolocation, network classification, or threat posture over the monitoring period.

---

## Recommended Security Actions

Current Recommendation: No action required

Firewall Rules: None generated

Rationale: IP maintains low-risk profile with no active threat indicators or malicious behavior observed.

Mitigation Considerations:

Monitor subnet 109.199.103.0/24 for elevated abuse activity
Consider enhanced scrutiny of neighboring IPs (109.199.103.220, 109.199.103.240) which show medium risk scores
No immediate blocking or allow-listing required

---

## Conclusion

IP 109.199.103.234 is a benign cloud computing endpoint with no current threat indicators. While the host IP is clean, SOC teams should remain aware of the elevated abuse density within the parent /24 subnet when evaluating related traffic. Standard monitoring procedures are appropriate; no immediate defensive actions are warranted.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Grand Est
City	Lauterbourg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vmi3290643.contaboserver.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vmi3397838.contaboserver.net`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	15%	1	2
ownership	24%	2	3
reputation	26%	1	3
geolocation	26%	2	2
Overall	22%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-24 12:33:10 UTC
Last Seen	2026-06-28 23:57:14 UTC
Profile Built	2026-06-29 05:58:39 UTC
Data Freshness	Live
Signal Types	19
Total Observations	22

🔍 19 signal types · 22 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

109.199.103.234📋 Copy