Threat Intelligence Briefing: IP 94.72.99.123/32
Summary:
The IP address 94.72.99.123/32 is associated with Contabo cloud hosting infrastructure, registered under Johannes Selg (ASN 51167). Geolocation data indicates a location in Portsmouth, England (DE), but geo-validation flags this as implausible, suggesting potential spoofing or misattribution. The IP exhibits moderate risk (50/100) with no direct threat indicators (no malware, spam, or known attacker associations).
Key Findings:
1. Network Profile:
- Hosting Provider: Contabo (cloud compute instance).
- Subnet: 94.72.99.123/24, with 25% abuse density (mostly clean, but 1 threat sibling detected).
- Neighbors: 3 sibling IPs in the subnet, with risk scores ranging from 25 to 50. One neighbor (94.72.99.244) shows higher risk (score 50).
2. Geolocation Anomalies:
- Conflicting data: IP reports Portsmouth, UK, but geo-validation fails. This may indicate misconfigured DNS, spoofing, or inaccurate location databases.
3. DNS & Ownership:
- Resolves to vmi2712169.contaboserver.net (no malicious domains or email auth records).
- Ownership has not changed recently (0 ownership changes in 30 days).
4. Threat Observations:
- No active open ports, services, or TLS certificates detected.
- No known malicious campaigns or DNSBL listings.
Recommended Actions:
- Monitor the 94.72.99.0/24 subnet for lateral movement or unusual traffic patterns.
- Investigate the geo-validation discrepancy to rule out spoofing or misconfigured infrastructure.
- Check Contabo's security practices for compliance with hosting provider standards.
- Continuously track the high-risk neighbor (94.72.99.244) for activity potentially associated with this IP.
Conclusion:
This IP appears to be a legitimate cloud-hosted server with no immediate threat indicators. However, the geo-validation inconsistency and subnet abuse density warrant further monitoring. SOC teams should prioritize validating location data and ensuring network segmentation to mitigate risks from neighboring IPs.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | TT-20240214 |
| CIDR Block | 94.72.96.0/20 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | vmi2712169.contaboserver.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vmi2712169.contaboserver.net |
DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 (basic operator with some routing infrastructure) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | None |
| HTTP Title | None |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | None |
| Valid Until | None |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Attribution Checks Evaluated | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-06-01 11:45:14 UTC |
| Last Seen | 2026-06-21 07:38:36 UTC |
| Profile Built | 2026-06-21 07:40:12 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |
Full dossier details are available via our API.