# IP Intelligence Briefing: 173.212.251.230/32
Classification: Moderate Risk (Score: 40/100) | Infrastructure: Web Server | Provider: CONTABO (Cloud Hosting)
---
## Executive Summary
IP address 173.212.251.230 is a moderate-risk cloud computing host operating under the CONTABO infrastructure (ASN 51167) located in Nuremberg, Germany. The asset functions as a web server with standard HTTP/HTTPS services. Risk scoring indicates moderate concern (40/100) primarily driven by DNSBL listings on 2 of 8 monitored blacklists. No active threat indicators, known campaigns, or exploit activity detected.
---
## Ownership & Infrastructure
| Attribute | Details |
|---|---|
| **Organization** | Johannes Selg (CONTABO) |
| **ASN** | 51167 |
| **CIDR Block** | 173.212.224.0/19 |
| **Geolocation** | Nuremberg, Bavaria, Germany (DE) |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Network Role** | Web Server |
Network Classification: Cloud-hosted infrastructure with hosting services enabled. The host runs an nginx web server stack with HTTP/2 support.
---
## Service & DNS Profile
Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS)
DNS Resolution: server01.techfol.hu
TLS Configuration:
- Certificate Issuer: Let's Encrypt (R12)
- Subject: server01.techfol.hu
- Validated certificate (non-self-signed)
HTTP Fingerprint:
- Server Banner: nginx
- HTTP Version: 2.0
- Status Code: 303
- HSTS: Not enabled
- CSP: Not configured
---
## Threat Intelligence Assessment
Threat Indicators:
- Abuse Confidence Score: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Proxy/VPN: No
- Blacklist Count: 0 (active lists)
- DNSBL Listed: 2 of 8 monitored lists
Campaign Correlation: None detected. No certificate matches or correlated IP activity observed.
Risk Breakdown:
- Provider Score: 0 (Neutral)
- Authority Score: 0 (Neutral)
- Operator Score: 0.1304 (Minimal)
---
## Observation History (24 Signals)
Recent signal observations (June 2026) show consistent infrastructure characteristics:
- Geolocation Signals: Consistent Nuremberg, Germany coordinates (51.17°N, 10.45°E)
- Network Latency: Average RTT 110 ms; geographic plausibility validation confirmed
- HTTP Fingerprinting: Stable nginx configuration with HTTP/2 enabled
- Threat Persistence: Not persistently malicious (0 threat persistence days)
No significant signal degradation or escalation observed in the observation window.
---
## Network Neighborhood Analysis
Subnet: 173.212.251.230/24
- Abuse Density: 1/10
- Subnet Classification: Mostly Clean
- Inherited Risk: 2/10
- Active Siblings: 1
- Threat Siblings: 1
The subnet exhibits minimal abuse density with low inherited risk, indicating the target IP operates in a generally clean network environment.
---
## Related Entities (27 Relationships)
Network Associations:
- Multiple relationships to CONTABO network infrastructure
DNS Associations:
- server01.techfol.hu (primary hostname)
No organization or certificate relationships detected beyond the primary hosting infrastructure.
---
## Recommended Security Actions
Risk Score: 40/100 (Moderate)
Actionable Recommendations:
- No automated blocking recommended based on current threat profile
- Standard monitoring advised due to DNSBL listings
Firewall Rule Templates (if blocking required):
iptables:
```bash
iptables -A INPUT -s 173.212.251.230 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 173.212.251.230 drop
```
nginx:
```nginx
deny 173.212.251.230;
```
Cloudflare WAF:
```json
{
  "action": "block",
  "filter": {
    "expression": "ip.src eq 173.212.251.230"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["173.212.251.230/32"],
  "Description": "IPDebrief risk 40"
}
```
---
## Intelligence Narrative
IP 173.212.251.230 is a standard cloud-hosted web server within the CONTABO infrastructure. The moderate risk score (40/100) reflects DNSBL presence without active exploitation indicators. The IP maintains consistent operational characteristics across observation periods, with a stable nginx web server configuration and a valid TLS certificate. There is no evidence of malicious activity, command-and-control communication, or participation in known threat campaigns.
The subnet environment (173.212.251.230/24) shows low abuse density, suggesting the infrastructure operates within acceptable parameters for hosting services. DNSBL listings on 2 of 8 monitored blacklists warrant monitoring but do not indicate an immediate threat.
Suggested SOC Action: Maintain standard monitoring with alert thresholds for any deviation from established HTTP/TLS baseline. No immediate blocking required unless additional threat indicators emerge.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Details |
|---|---|
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | CONTABO |
| CIDR Block | 173.212.224.0/19 |
| RIR | ARIN |
| Country | DE |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Details |
|---|---|
| PTR | server01.techfol.hu |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | server01.techfol.hu |
## DNS Hygiene
| Attribute | Details |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Details |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Attribute | Details |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
## TLS Certificate
CN=server01.techfol.hu was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Attribute | Details |
|---|---|
| SANs | server01.techfol.hu |
| Valid From | 2025-09-11T10:51:43+00:00 |
| Valid Until | 2025-12-10T10:51:42+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 06E53969AE07FB625DA6179BADB883861E32 |
| Thumbprint | A780F89EA0260C9589462DCD1072C0810C645937 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 25% | 10 | 17 |

| Attribute | Details |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Attribute | Details |
|---|---|
| First Seen | 2026-05-25 00:40:42 UTC |
| Last Seen | 2026-06-29 00:52:53 UTC |
| Profile Built | 2026-06-29 06:56:25 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |