185.252.232.218
IP Intelligence Briefing: 185.252.232.218
*Generated via IPDebrief Threat Intelligence Platform*
---
**Core Risk Profile**
- Risk Score: 59 (Moderate Risk)
- Threat Indicators:
- Identified as a Tor exit node (high-risk association).
- Observed in 1 DNS resolution (`vmi1347637.contaboserver.net`).
- Network Classification:
- Provider: Tor Exit Node (IPv4 /24 subnet).
- Geolocation: Germany (Lauterbourg, 51.17°N, 10.45°E).
- ASN: 51167 (Johannes Selg).
---
**Threat Observations**
- Historical Signals:
- Consistent "Moderate" risk classification across 54 observations (last 30 days).
- No spikes in malicious activity detected.
- Tor Exit Node:
- SSH service active (port 22, OpenSSH 8.4).
- Tor exit nodes are often used for covert communication or as entry points for attacks.
---
**Network Relationships**
- DNS Associations:
- Linked to `vmi1347637.contaboserver.net` (no abuse indicators).
- Subnet Neighbors:
- 185.252.232.0/24 subnet: 3 total IPs, 2 active.
- Risk Distribution: 0 high-risk, 0 medium-risk, 2 low-risk IPs.
---
**Actionable Insights**
1. Monitor Tor Exit Traffic:
- Block or closely inspect traffic originating from or passing through this IP, as Tor exit nodes are frequently associated with illicit activities.
2. Investigate Hostname:
- Validate the reputation of `vmi1347637.contaboserver.net` for potential hosting provider ties or abuse.
3. Subnet Analysis:
- The subnet has low abuse density, but the IPβs Tor association warrants closer scrutiny.
---
Recommendation:
- Add this IP to a Tor exit node blocklist if not already present.
- Correlate with internal logs for signs of exploitation or data exfiltration.
- Reassess the subnetβs security posture given the presence of a Tor exit node.
*Generated on 2026-06-15 | Data sourced from IPDebrief intelligence feeds.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Johannes Selg |
| ASN | AS51167 |
| Network Name | β |
| CIDR Block | 185.252.232.0/24 |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | vmi1347637.contaboserver.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | vmi1347637.contaboserver.net |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3 |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 23% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 13:35:41 UTC |
| Last Seen | 2026-06-28 19:23:18 UTC |
| Profile Built | 2026-06-29 07:26:26 UTC |
| Data Freshness | Live |
| Signal Types | 28 |
| Total Observations | 52 |
Full dossier details are available via our API.