176.9.158.217

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 176.9.158.217/32

Executive Summary

IP 176.9.158.217 is a low-risk web server infrastructure address hosted by Hetzner Online GmbH in Falkenstein, Germany. The IP operates as a cloud computing service provider endpoint with no known malicious indicators. Risk score: 25/100.

---

Ownership and Infrastructure

Provider: Hetzner Online GmbH (ASN 24940)
Network Block: 176.9.158.192/27 (HETZNER-fsn1-dc7)
Location: Falkenstein, Saxony, Germany (51.17°N, 10.45°E)
Infrastructure Type: CloudCompute / Web Server
Network Classification: Hosting infrastructure, not residential or mobile

Network Services

Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS)
HTTP/2 Support: Enabled
HSTS: Configured (max-age=31536000; includeSubDomains)
TLS Certificate: Kubernetes Ingress Controller Fake Certificate (CN=ingress.local)
Reverse DNS: static.217.158.9.176.clients.your-server.de
Forward Resolution: Confirmed to your-server.de domain

Threat Assessment

Risk Score: 25 (Low Risk)
Known Campaigns: None identified
Blacklist Status: 0 blacklists (profile shows 1 DNSBL listing across 8 total lists)
Tor/Proxy: Not identified as Tor exit node, proxy, or VPN
Abuse Confidence: Not flagged as known attacker or spam source

Observation History (21 Signals)

Recent observations (2026-06-21) indicate:

Geolocation: Consistent DE attribution with 400km accuracy radius
HTTP Status: 404 Not Found responses
Operator Score: Basic (0.3478)
No evidence of escalating threat behavior or persistent malicious activity

Network Relationships

DNS Associations: Linked to static.217.158.9.176.clients.your-server.de (38 relationship entries)
Network Context: Part of HETZNER-fsn1-dc7 network block
Subnet Analysis: 176.9.158.0/24 shows low abuse density

Neighborhood Context (176.9.158.0/24)

Abuse Density: 1 (low)
Subnet Classification: Mostly clean
Siblings: 1 active sibling IP, 1 threat sibling IP detected in broader subnet
Risk Distribution: No high-risk neighbors in immediate vicinity

Recommended Actions

Based on low-risk profile and legitimate hosting infrastructure classification:

1. Monitor: Continue passive observation for any behavioral changes

2. Allow: Standard web traffic permitted (ports 80/443)

3. No Firewall Blocks: No immediate blocking recommended

4. Certificate Verification: Note self-signed Kubernetes certificate; may indicate internal infrastructure rather than public-facing web service

Intelligence Notes

The IP exhibits characteristics of legitimate cloud infrastructure hosting. The Kubernetes Ingress certificate suggests internal container orchestration rather than public web presence. The 404 status code across observations indicates the endpoint may not actively serve content at the time of scanning. No actionable threat indicators detected.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Saxony
City	Falkenstein
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Hetzner Online GmbH - Contact Role
ASN	AS24940
Network Name	HETZNER-fsn1-dc7
CIDR Block	176.9.158.192/27
RIR	RIPE
Country	DE
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	static.217.158.9.176.clients.your-server.de
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`static.217.158.9.176.clients.your-server.de`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	1/2 domains
DMARC	1/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Present
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co

Issued by CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co

Self-signed: Yes

SANs	ingress.local
Valid From	2026-05-22T15:22:45+00:00
Valid Until	2027-05-22T15:22:45+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	009D7AF5238AC26073D766152A4B40F8F1
Thumbprint	56CEC0DB4DD460600F9F4BE58FB5E310696FD73C

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	8%	1	1
services	30%	2	4
ownership	27%	2	3
reputation	22%	1	3
geolocation	35%	2	3
Overall	25%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-27 19:21:53 UTC
Last Seen	2026-06-29 04:36:40 UTC
Profile Built	2026-06-29 04:38:29 UTC
Data Freshness	Live
Signal Types	21
Total Observations	22

🔍 21 signal types · 22 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

176.9.158.217📋 Copy