192.251.226.128

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 192.251.226.128

Classification: Moderate Risk

Date: 2026-06-24

Analyst: IPDebrief Intelligence Team

## Executive Summary

IP 192.251.226.128 is a German-based address (Gütersloh, North Rhine-Westphalia) operating within a high-abuse subnet. The IP carries a risk score of 40 and shows no active threat indicators but is situated in a network environment with significant malicious activity. The address is firewalled with no accessible services.

## Network Profile

ASN: 206813 (FFGT-MNT)
Geolocation: Germany, North Rhine-Westphalia, Gütersloh (51.17°N, 10.45°E)
Subnet: 192.251.226.0/24
Classification: Firewalled / No Services
Risk Score: 40 (Moderate Risk)

## Threat Assessment

Direct Threat Indicators: None detected

No known attacker reputation
No Tor exit node activity
No spam source designation
Zero blacklist entries in threat feed analysis

Subnet Context: The /24 subnet shows elevated abuse characteristics:

Abuse density: 0.6133 (high abuse classification)
157 threat siblings identified among 256 total addresses
184 active sibling IPs in the range
Inherited risk score: 24

Routing Status: Route stability flagged as false; the BGP prefix shows instability over the observation period.

## Service Analysis

Open Ports: None detected
HTTP/HTTPS: No services responding
DNS Resolution: Forward resolution failed
TLS/Certificates: Not present
Email Infrastructure: No SPF or DMARC records configured

## Historical Observations

Signal history indicates limited threat persistence:

Most recent observation: 2026-06-24
Threat observation count: 1
Ownership changes: None recorded
Persistent malicious behavior: Not flagged

Abnormal geolocation validation noted (geoPlausible: false) during recent probes.

## Relationship Graph

56 relationships identified, primarily network-level associations:

Multiple "Same Network" relationships to FFGT-NET2
No hostname or certificate associations
No organizational entity links beyond network infrastructure

## Recommended Actions

Based on risk profile and neighborhood context, the following controls are recommended:

Firewall Rules:

```bash

# iptables

iptables -A INPUT -s 192.251.226.128 -j DROP

# nftables

nft add rule inet filter input ip saddr 192.251.226.128 drop

# pfSense

192.251.226.128/32 (block rule)

```

WAF Integration:

Cloudflare WAF: Block rule with expression `ip.src eq 192.251.226.128`
AWS WAF: Add address 192.251.226.128/32 to block set

## Intelligence Notes

1. Neighborhood Risk: The IP resides in a subnet with 61.33% abuse density. While this address shows no direct threat indicators, the operational environment is hostile.

2. Stability Concerns: Route instability (isRouteStable: false) may indicate transient or compromised infrastructure.

3. Silent Operations: No open services detected, suggesting the IP may be used for command-and-control, scanning, or as a dead-drop endpoint.

4. Action Priority: Moderate (40/100). Consider blocking at perimeter based on subnet reputation and route instability, but corroborate with additional intelligence before permanent blocking.

---

Data Sources: IPDebrief Profile, History, Relationships, Neighborhood Analysis

Confidence Level: Standard (multiple signal types confirmed)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	North Rhine-Westphalia
City	Gütersloh
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	FFGT-MNT
ASN	AS206813
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	22%	2	4
routing	13%	1	1
services	20%	2	3
ownership	20%	2	3
reputation	19%	1	3
geolocation	19%	2	2
Overall	19%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:46 UTC
Last Seen	2026-06-26 18:11:46 UTC
Profile Built	2026-06-24 03:00:42 UTC
Data Freshness	Live
Signal Types	20
Total Observations	21

🔍 20 signal types · 21 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

192.251.226.128📋 Copy