176.95.238.208

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 176.95.238.208

Date: 2026-06-02

---

1. Core Profile

Risk Assessment:

- Reputation: Low Risk (riskScore: 0, providerScore: 0, authorityScore: 0).

- Threat Indicators: No malicious activity, spam, or known attacker associations.

- Network Role: Mobile carrier infrastructure (Vodafone Germany IP Core Backbone), LTE/5G network.

Geolocation:

- Location: Würzburg, Bavaria, Germany (latitude: 51.17, longitude: 10.45).

- ISP: Vodafone GmbH (MCC: 262, MNC: 02).

- Accuracy: 400 km radius, RTT consistency (avg: 120.6 ms).

Ownership:

- ASN: 3209 (Vodafone Germany).

- Subnet: 176.95.238.208/24, classified as "mostly_clean" with abuse density 1.

---

2. Network & Service Activity

Services:

- Open ports: HTTP (80), HTTPS (443).

- TLS Certificate:

- Issuer: Let’s Encrypt (CN=R10).

- Subject: chefportrait.de (SAN: chefportrait.de).

- Valid: No expiration date provided (may require further validation).

DNS:

- PTR hostname: *business-176-095-238-208.static.arcor-ip.net*.

- No email authentication records (SPF/DMARC).

Control Plane:

- BGP prefix: 176.95.0.0/16.

- RPKI state: Not reported.

- DNSSEC: Validated.

---

3. Observation History

Temporal Trends:

- 23 signals recorded (last 30 days).

- No persistent malicious activity; threat observation count: 1.

- Geolocation and network stability consistent over time.

Anomalies:

- One "connection_failed" signal for HTTPS (confidence: 30%).

- No DNSBL listings or route instability.

---

4. Relationships & Neighborhood

Linked Entities:

- DNS: *business-176-095-238-208.static.arcor-ip.net*.

- Network: DE-ARCOR-20110711 (Vodafone).

Subnet Analysis:

- /24 Subnet: 176.95.238.208/24.

- Neighbors: 0 active IPs listed (abuse density: 0).

- Classification: "mostly_clean" with inherited risk score: 2.

---

5. Threat & Actionable Insights

No Indicators of Compromise:

- No malware, phishing, or campaign activity detected.

- TLS certificate appears legitimate but tied to a specific domain (*chefportrait.de*).

SOC Recommendations:

- Monitor traffic to *chefportrait.de* for unusual patterns.

- No immediate firewall rules required due to low risk.

- Validate TLS certificate expiration date for *chefportrait.de*.

---

Conclusion:

This IP is a legitimate mobile carrier asset associated with Vodafone Germany. It serves a business domain (*chefportrait.de*) via HTTPS and shows no malicious activity. No further action is required, but ongoing monitoring of the associated domain is advised.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Bavaria
City	Würzburg
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Vodafone Germany IP Core Backbone
ASN	AS3209
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	business-176-095-238-208.static.arcor-ip.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`business-176-095-238-208.static.arcor-ip.net`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	1/2 domains
DMARC	0/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Mobile
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

Mobile

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

An expired certificate for CN=chefportrait.de was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

🔒

CN=chefportrait.de

Issued by CN=R10, O=Let's Encrypt, C=US

Self-signed: No

SANs	chefportrait.de
Valid From	2024-12-07T16:56:06+00:00
Valid Until	2025-03-07T16:56:05+00:00 (expired)
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	036668B4F3EC368FCF05D36D33531F55AD3E
Thumbprint	760AC0F339CEF7E37DF53B076417093589AD563B

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	13%	1	1
services	26%	2	3
ownership	24%	2	3
reputation	24%	1	3
geolocation	30%	2	3
Overall	24%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:56 UTC
Last Seen	2026-06-22 22:04:21 UTC
Profile Built	2026-06-22 22:09:33 UTC
Data Freshness	Live
Signal Types	24
Total Observations	26

🔍 24 signal types · 26 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

176.95.238.208📋 Copy

**1. Core Profile**

**2. Network & Service Activity**

**3. Observation History**

**4. Relationships & Neighborhood**

**5. Threat & Actionable Insights**