# IP Intelligence Briefing: 192.251.226.252/32
Classification: Moderate Risk | Date: 2026-06-04
## Executive Summary
Target IP 192.251.226.252 is assigned to ASN 206813 (FFGT-MNT) and geolocated to Gütersloh, Germany (DE). The IP exhibits a moderate risk score of 40/100 and is classified as "firewalled with no services." While the IP itself shows no active threat indicators, its /24 subnet (192.251.226.0/24) demonstrates elevated abuse activity with a density score of 0.7188 and "high_abuse" classification.
## Risk Profile Assessment
Overall Risk Score: 40 (Moderate Risk)
| Metric | Value | Assessment |
|---|---|---|
| Provider Score | 0 | No provider infrastructure |
| Authority Score | 0 | No authoritative presence |
| Stability Score | 0 | No historical stability data |
| Blacklist Count | 0 | Clean on major feeds |
| DNSBL Listings | 1/8 lists | Minimal listing presence |
Threat Indicators: None detected. The IP is not identified as a Tor exit node, known attacker, or spam source. No known campaigns or threat feed correlations.
## Network Infrastructure Analysis
Network Role: Firewalled / No Services
- Open Ports: None detected
- DNS Resolution: Forward resolution incomplete; PTR records present but unconfirmed
- HTTP Services: No web services detected
- TLS/Certificates: None observed
- IP Classification: Not bogon, cloud, CDN, VPN, proxy, or hosting infrastructure
Control Plane Data:
- BGP Prefix: 192.251.226.0/24
- Route Stability: Unstable (route_changes_30d: 0, isRouteStable: false)
- RPKI State: Not verified
- IRR Consistency: Not verified
## Neighborhood Analysis (192.251.226.0/24)
Subnet Abuse Density: 0.7188 (High Abuse)
| Metric | Value |
|---|---|
| Total Subnet IPs | 256 |
| Active Siblings | 191 |
| Threat Siblings | 184 |
| Risk Classification | High Abuse |
Neighbor Risk Distribution (Sample of 100):
- High Risk: 0 (0%)
- Medium Risk: 2 (2%)
- Low Risk: 98 (98%)
Key Observations:
- 184 threat siblings indicate significant abuse activity within the /24
- Most neighbor IPs exhibit low risk scores (25) with moderate authority scores (50-60)
- The subnet shows high density of active endpoints (191/256 active)
## Historical Signal Analysis
Observation Count: 21 signals
Temporal Trends:
- Most recent signals: 2026-06-04
- Operator Score: 0.1304 (Minimal)
- Geolocation consistency: Consistent DE/NW/Gütersloh assignment
- Subnet classification: Consistent "high_abuse" designation
Signal Evolution:
- No significant ownership changes detected
- Threat persistence: 0 days (not persistently malicious)
- Threat observation count: 1 (isolated event)
## Relationship Graph Analysis
Total Relationships: 72
Primary Relationship Type: Same Network (FFGT-NET2)
- 67+ relationships classified as "Same Network"
- No external cross-network relationships identified
- All relationships point to FFGT-NET2 network infrastructure
## Recommended Actions
### Defensive Measures
1. Monitoring: Flag for enhanced monitoring due to high-abuse subnet classification
2. Block List Consideration: Evaluate for addition to threat intelligence feeds given 184 threat siblings
3. Rate Limiting: Implement rate limiting for inbound traffic from /24 subnet
4. Reputation Scoring: Apply conservative reputation score of 40 for traffic handling
### Firewall Rules
```bash
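# Rate limit traffic from the subnet.
# The limit match counts packets, not connections, and applies to the /24 in aggregate:
# accept at most 10 packets/min (burst of 20) from 192.251.226.0/24.
iptables -A INPUT -s 192.251.226.0/24 -m limit --limit 10/min --limit-burst 20 -j ACCEPT
# Drop everything from the subnet that exceeds the limit above.
iptables -A INPUT -s 192.251.226.0/24 -j DROP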
```
### Intelligence Notes
- Subnet exhibits elevated abuse density (0.7188)
- 184 threat siblings suggest coordinated or shared infrastructure misuse
- IP itself is not actively malicious but warrants defensive posture
- No evidence of command-and-control activity or malware distribution from this specific IP
Status: Monitor | Confidence: Medium | Next Review: 30 days
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | FFGT-MNT |
| ASN | AS206813 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 192.251.226.252 |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | 192.251.226.252 |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown (insufficient routing data to classify) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Checks: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:47 UTC |
| Last Seen | 2026-06-26 18:11:46 UTC |
| Profile Built | 2026-06-24 03:20:55 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |