158.247.246.52

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 158.247.246.52

*Generated via IPDebrief analysis tools*

---

Core Profile

Risk Rating: Moderate Risk (Risk Score: 50)
Ownership: Managed by The Constant Company LLC (ASN 20473, network name: CONSTANT-AP).
Geolocation: Registered to Japan (JP), but DNS resolution shows Seoul, South Korea. Latitude/longitude unspecified.
Network Role: CloudCompute instance on Vultr, serving as a web server (HTTP/HTTPS/SSH).
Services:

- HTTP/HTTPS (nginx/1.24.0)

- SSH (OpenSSH 9.6p1)

- TLS certificate: Issued by Let’s Encrypt for ntoppings.com (SAN: *.ntoppings.com).

---

Threat & Security Indicators

Threat Observations:

- 25 total observations over 30 days, with no high-severity threats detected.

- DNS records show SPF/DKIM/DMArc compliance for constant.com and ntoppings.com.

- No known malware, phishing, or botnet activity.

DNS:

- PTR hostname: 158-247-246-52.constant.com.

- CAA records present for constant.com.

- No DNSBL listings.

---

Network Relationships

Linked Entities:

- Same network: CONSTANT-AP (ASN 20473).

- DNS associations: 158-247-246-52.constant.com (multiple entries).

Subnet: 158.247.246.52/24.
Neighbor Analysis:

- No neighboring IPs detected (subnet abuse density: 0).

- Subnet classified as clean.

---

Historical Trends

Observation History:

- 25 total signals over 30 days, with no persistent malicious activity.

- Operator score: Minimal (0.2174).

- No changes in ownership or threat persistence.

---

Actionable Insights

1. Geolocation Discrepancy: The IP is registered to Japan but resolves to Seoul, South Korea. Verify location accuracy or potential spoofing.

2. Cloud Infrastructure: Monitor for unusual traffic patterns on the Vultr-hosted server.

3. DNS Security: Confirm SPF/DKIM/DMArc configurations for constant.com and ntoppings.com are valid.

4. Subnet Monitoring: The /24 subnet has no neighbors, which is unusual. Investigate if this is a single-host setup or misclassification.

Recommendation: Maintain standard monitoring protocols. Prioritize alerts from high-risk sources but avoid overemphasis on this moderate-risk IP.

---

*Generated by IPDebrief. All data sourced from IPDebrief’s threat intelligence platform.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇯🇵 Japan
Region	11
City	Seoul
Timezone	Asia/Tokyo
Latitude	37.56
Longitude	126.92

🏢 Ownership & Registration

Organization	The Constant Company LLC administrator
ASN	AS20473
Network Name	CONSTANT-AP
CIDR Block	158.247.192.0/18
RIR	ARIN
Country	JP
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	158-247-246-52.constant.com
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`158-247-246-52.constant.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	2/2 domains
DMARC	2/2 domains
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=*.ntoppings.com

Issued by CN=YE2, O=Let's Encrypt, C=US

Self-signed: No

SANs	*.ntoppings.comntoppings.com
Valid From	2026-05-30T15:19:06+00:00
Valid Until	2026-08-28T15:19:05+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	065041D1989CE087E0C53C5CDB840456DD9D
Thumbprint	EF7AF4F7F28CA44B39DE221DD2C8058F882E4519

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	27%	2	3
ownership	27%	2	3
reputation	22%	1	3
geolocation	19%	2	2
Overall	22%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-06-01 05:38:07 UTC
Last Seen	2026-06-29 09:17:27 UTC
Profile Built	2026-06-29 09:20:55 UTC
Data Freshness	Live
Signal Types	22
Total Observations	23

🔍 22 signal types · 23 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

158.247.246.52📋 Copy

**Core Profile**

**Threat & Security Indicators**

**Network Relationships**

**Historical Trends**

**Actionable Insights**