# IP Intelligence Briefing: 94.72.127.251/32
## Executive Summary
IP address 94.72.127.251/32 presents a low-risk profile (score: 25) with mixed operational indicators. The IP is registered to Contabo (ASN 40021) and operates as a cloud compute host in the German network 94.72.120.0/21. However, geolocation inconsistencies and DNSBL listings warrant continued monitoring. The subnet classification is "mostly_clean" with low abuse density.
## Network Classification
| Attribute | Value |
|---|---|
| Provider | Contabo |
| Infrastructure Type | Cloud Compute |
| ASN | 40021 (Johannes Selg) |
| CIDR Block | 94.72.120.0/21 |
| BGP Prefix | 94.72.120.0/21 |
| Route Stability | Unstable (route changes observed) |
| RPKI State | Not Validated |
| DNSSEC | Valid |
| Is Cloud | Yes |
| Is Hosting | Yes |
## Geolocation Analysis
- Current Consensus: Germany (DE), Swidnik, Region 06
- Coordinates: 51.17°N, 10.45°E
- Timezone: Europe/Berlin
Anomaly Detected: Geolocation validation failed with RTT violation. Minimum observed RTT (79.0ms) is below the theoretical minimum (158.2ms) for the stated distance (7,910km), indicating potential geolocation spoofing or routing irregularities.
## Observations and History
The IP has generated 22 signal observations. Key temporal patterns:
June 28, 2026:
- ASN reported: AS41314 eco trade sp. z o. o
- Location: Swidnik, Poland
- Reputation: 0, has threats flag active
- Pulse count: 4 threat indicators
June 20, 2026:
- ASN reported: AS40021 (Contabo Inc.)
- Location: Seattle, United States
- Proxy type: VPN detected
- Risk score: 66 (proxycheck-io)
Geographic Inconsistency: The IP has been observed across Germany, Poland, and United States within a 7-day window, indicating either aggressive spoofing or legitimate multi-region cloud operations.
## DNS and Service Analysis
| Field | Value |
|---|---|
| PTR Hostname | vmi3195040.contaboserver.net |
| Forward Resolution | Confirmed |
| Open Ports | TCP/22 (SSH-2.0-OpenSSH_8.9p1 Ubuntu) |
| Hosted Domains | 0 |
| Email Auth | SPF: No, DMARC: No |
Service Fingerprint: Standard cloud server with SSH access. No web services, TLS certificates, or HTTP headers detected.
## Threat Indicators
- DNSBL Listed: 1 of 8 threat lists
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Campaign Correlation: No matches
- Threat Persistence: 0 days
## Network Neighborhood
| Attribute | Value |
|---|---|
| Subnet | 94.72.127.251/24 |
| Abuse Density | 1 (Low) |
| Classification | mostly_clean |
| Total Siblings | 1 |
| Active Siblings | 0 |
| Threat Siblings | 1 |
No significant neighboring IPs detected within the /24 subnet.
## Relationship Graph
37 relationships identified:
- DNS Associations: vmi3195040.contaboserver.net
- Network Associations: TT-20240214 (multiple instances)
- Certificate Associations: None
## Recommended Actions
| Priority | Action |
|---|---|
| Low | Monitor for geographic instability |
| Low | Add to watchlist due to DNSBL presence |
| None | No immediate blocking required |
## Intelligence Assessment
This IP address represents a standard Contabo cloud hosting environment with one DNSBL listing. The primary concern is the geographic inconsistency observed between June 20-28, 2026, which could indicate either:
1. Legitimate multi-region cloud operations
2. Aggressive IP reputation manipulation
3. Routing anomalies unrelated to abuse
The low abuse density in the surrounding subnet and lack of active threat siblings suggest minimal immediate threat. However, the RTT/geolocation violation and transient threat signals warrant periodic re-evaluation.
Confidence Level: Medium
Recommended Action: Monitor
---
*Report generated: 2026-06-28 | Data sources: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS40021 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | vmi3195040.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi3195040.contaboserver.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-17 09:11:55 UTC |
| Last Seen | 2026-06-28 05:02:00 UTC |
| Profile Built | 2026-06-28 23:07:16 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |