173.212.251.230

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 173.212.251.230/32

Classification: Moderate Risk (Score: 40/100) | Infrastructure: Web Server | Provider: CONTABO (Cloud Hosting)

---

## Executive Summary

IP address 173.212.251.230 is a moderate-risk cloud computing host operating under the CONTABO infrastructure (ASN 51167) located in Nuremberg, Germany. The asset functions as a web server with standard HTTP/HTTPS services. Risk scoring indicates moderate concern (40/100) primarily driven by DNSBL listings on 2 of 8 monitored blacklists. No active threat indicators, known campaigns, or exploit activity detected.

---

## Ownership & Infrastructure

Attribute	Details
Organization	Johannes Selg (CONTABO)
ASN	51167
CIDR Block	173.212.224.0/19
Geolocation	Nuremberg, Bavaria, Germany (DE)
Infrastructure Type	Cloud Compute / Hosting
Network Role	Web Server

Network Classification: Cloud-hosted infrastructure with hosting services enabled. The IP operates on nginx web server stack with HTTP/2 protocol support.

---

## Service & DNS Profile

Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS)

DNS Resolution: server01.techfol.hu

TLS Configuration:

Certificate Issuer: Let's Encrypt (R12)
Subject: server01.techfol.hu
Validated certificate (non-self-signed)

HTTP Fingerprint:

Server Banner: nginx
HTTP Version: 2.0
Status Code: 303
HSTS: Not enabled
CSP: Not configured

---

## Threat Intelligence Assessment

Threat Indicators:

Abuse Confidence Score: Not applicable
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Proxy/VPN: No
Blacklist Count: 0 (active lists)
DNSBL Listed: 2 of 8 monitored lists

Campaign Correlation: None detected. No certificate matches or correlated IP activity observed.

Risk Breakdown:

Provider Score: 0 (Neutral)
Authority Score: 0 (Neutral)
Operator Score: 0.1304 (Minimal)

---

## Observation History (24 Signals)

Recent signal observations (June 2026) show consistent infrastructure characteristics:

Geolocation Signals: Consistent Nuremberg, Germany coordinates (51.17°N, 10.45°E)
Network Latency: Average RTT 110ms, plausible geographic validation confirmed
HTTP Fingerprinting: Stable nginx configuration with HTTP/2 enabled
Threat Persistence: Not persistently malicious (0 threat persistence days)

No significant signal degradation or escalation observed in the observation window.

---

## Network Neighborhood Analysis

Subnet: 173.212.251.230/24

Abuse Density: 1/10
Subnet Classification: Mostly Clean
Inherited Risk: 2/10
Active Siblings: 1
Threat Siblings: 1

The subnet exhibits minimal abuse density with low inherited risk, indicating the target IP operates in a generally clean network environment.

---

## Related Entities (27 Relationships)

Network Associations:

Multiple relationships to CONTABO network infrastructure

DNS Associations:

server01.techfol.hu (primary hostname)

No organization or certificate relationships detected beyond the primary hosting infrastructure.

---

## Recommended Security Actions

Risk Score: 40/100 (Moderate)

Actionable Recommendations:

No automated blocking recommended based on current threat profile
Standard monitoring advised due to DNSBL listings

Firewall Rule Templates (if blocking required):

iptables:

```bash

iptables -A INPUT -s 173.212.251.230 -j DROP

```

nftables:

```bash

nft add rule inet filter input ip saddr 173.212.251.230 drop

```

nginx:

```nginx

deny 173.212.251.230;

```

Cloudflare WAF:

```json

{

"action": "block",

"filter": {

"expression": "ip.src eq 173.212.251.230"

}

```

AWS WAF:

```json

{

"Addresses": ["173.212.251.230/32"],

"Description": "IPDebrief risk 40"

}

```

---

## Intelligence Narrative

IP 173.212.251.230 represents a standard cloud-hosted web server within the CONTABO infrastructure. The moderate risk score (40/100) reflects DNSBL presence without active exploitation indicators. The IP maintains consistent operational characteristics across observation periods with stable nginx web server configuration and valid TLS certificate. No evidence of malicious activity, command-and-control communication, or participation in known threat campaigns.

The subnet environment (173.212.251.230/24) shows low abuse density, suggesting the infrastructure operates within acceptable parameters for hosting services. DNSBL listings on 2 of 8 monitored blacklists warrant monitoring but do not indicate immediate threat.

Suggested SOC Action: Maintain standard monitoring with alert thresholds for any deviation from established HTTP/TLS baseline. No immediate blocking required unless additional threat indicators emerge.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	BY
City	Nuremberg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Johannes Selg
ASN	AS51167
Network Name	CONTABO
CIDR Block	173.212.224.0/19
RIR	ARIN
Country	DE
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	server01.techfol.hu
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`server01.techfol.hu`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx
HTTP Title	—

🔐 TLS Certificate

An expired certificate for CN=server01.techfol.hu was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=server01.techfol.hu

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

SANs	server01.techfol.hu
Valid From	2025-09-11T10:51:43+00:00
Valid Until	2025-12-10T10:51:42+00:00 (expired)
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	06E53969AE07FB625DA6179BADB883861E32
Thumbprint	A780F89EA0260C9589462DCD1072C0810C645937

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	8%	1	1
services	30%	2	3
ownership	27%	2	3
reputation	26%	1	3
geolocation	34%	2	3
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-25 00:40:42 UTC
Last Seen	2026-06-29 00:52:53 UTC
Profile Built	2026-06-29 06:56:25 UTC
Data Freshness	Live
Signal Types	24
Total Observations	26

🔍 24 signal types · 26 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

173.212.251.230📋 Copy