# IP Intelligence Briefing: 192.251.226.6
## Executive Summary
IP 192.251.226.6 is classified as Low Risk (Risk Score: 25) with no active threat indicators. The address operates as a firewalled endpoint in Gütersloh, Germany, belonging to ASN 206813 (FFGT-MNT). While the IP itself shows minimal malicious activity, its /24 neighborhood exhibits elevated abuse density (0.4883), warranting contextual awareness.
## Current Profile Assessment
Ownership & Network Classification:
- ASN: 206813 (FFGT-MNT)
- RIR: ARIN
- Country: DE (Germany)
- Region: North Rhine-Westphalia
- City: Gütersloh
- CIDR Block: 192.251.226.0/24
- Network Role: Firewalled / No Services
Threat Indicators:
- Risk Score: 25 (Low Risk)
- Is Tor Exit: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 total lists
- Threat Feeds: None detected
DNS Analysis:
- PTR Hostname: dc3.blogdoch.net
- Forward Resolution: blogdoch.net
- Forward Confirmed: No
- Email Auth (SPF/DMARC): Not configured
## Network Neighborhood Context (192.251.226.0/24)
The /24 subnet shows mixed classification with elevated activity:
- Abuse Density: 0.4883 (48.83%)
- Total Siblings: 256
- Active Siblings: 162
- Threat Siblings: 125
- Risk Distribution: 0 High, 75 Medium, 25 Low
This indicates the subnet contains significant malicious activity, though the specific IP 192.251.226.6 appears isolated from active threats.
## Observation History
Historical signals indicate:
- Recent geo-location validation in Germany (June 2024)
- Blacklist listing detected on June 3, 2026 with high severity
- ICMP validation challenges (ICMP blocked)
- Overall threat persistence: 0 days
- Persistent Malicious: No
## Security Actions & Recommendations
No automated firewall rules are currently recommended. The low risk score combined with firewalled status suggests:
- Monitor for changes in service exposure
- Consider context-aware policies based on neighborhood risk
- No immediate blocking required based on current profile
## Intelligence Narrative
The IP 192.251.226.6 operates as a dormant endpoint with no open services or active threat indicators. While the parent /24 subnet shows significant abuse density, this specific address maintains a low-risk posture. The DNS association with blogdoch.net suggests potential legitimate infrastructure, though the lack of forward resolution confirmation and absence of email authentication records warrant periodic verification. SOC teams should monitor for any changes in service exposure or neighborhood activity that could correlate with the elevated subnet risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | FFGT-MNT |
| ASN | AS206813 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | dc3.blogdoch.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | dc3.blogdoch.net |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:45 UTC |
| Last Seen | 2026-06-26 18:11:45 UTC |
| Profile Built | 2026-06-24 02:38:41 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |