188.34.190.189📋 Copy

# IP Intelligence Briefing: 188.34.190.189/32

Date: June 2026

Classification: Moderate Risk

Analyst: IPDebrief Intelligence Platform

---

## Executive Summary

IP address 188.34.190.189 is a hosting infrastructure endpoint operated by Hetzner Online GmbH in Falkenstein, Saxony, Germany. The IP exhibits moderate-risk characteristics (risk score: 40) primarily due to DNSBL listings and operator classification. No direct threat indicators were observed, though the IP is associated with a known hosting environment (your-server.de) and should be monitored for potential abuse escalation.

---

## Technical Profile

Ownership & Network:

• Organization: Hetzner Online GmbH - Contact Role
• ASN: 24940 (Hetzner)
• CIDR Block: 188.34.128.0/17
• RIR: RIPE
• Registration Age: 24 years (delegation age: 8,762 days)

Geolocation:

• Country: Germany (DE)
• Region: Saxony
• City: Falkenstein
• Coordinates: 51.17°N, 10.45°E
• Geo Confidence: Consensus valid across multiple sources

Network Role:

• Classification: Hosting Infrastructure
• Not: Cloud, CDN, VPN, Proxy, Tor, Mobile, or Residential
• Connection Type: Standard hosting endpoint

---

## Services & DNS

Open Ports:

DNS Resolution:

• PTR Record: static.189.190.34.188.clients.your-server.de
• Forward Resolution: mail.flotiva.app
• Domain: your-server.de
• Hosted Domains: 0

Email Authentication:

• SPF Record: Present
• DMARC Record: Present
• TXT Record Count: 0

TLS Certificate:

• Issuer: Let's Encrypt (CN=YR1, O=Let's Encrypt, C=US)
• Subject: mail.flotiva.app
• SANs: mail.flotiva.app
• Self-Signed: No

Web Server:

• Software: nginx
• Protocol: HTTP/2
• HSTS: Enabled (max-age=15768000)
• Content Security Policy: Not present
• Status Code: 200

---

## Threat Intelligence

Risk Indicators:

• Risk Score: 40 (Moderate)
• Abuse Confidence Score: Not available
• Tor Exit Node: No
• Known Attacker: No
• Spam Source: No
• Blacklist Count: 0
• Known Campaigns: None

Control Plane:

• Route Stability: Stable
• RPKI State: Not validated
• IRR Consistency: Match
• BGP Prefix: 188.34.128.0/17
• Route Changes (30d): 0
• DNSBL Listings: 2 of 8 total lists

---

## Observation History

Temporal Analysis:

• Total Observations: 30
• Recent Activity: June 14-19, 2026
• Threat Persistence: 0 days
• Ownership Changes: 0

Key Historical Signals:

• June 19: Network latency measurements (avg RTT: 117ms, min: 113ms, max: 122ms)
• June 14: HTTP/2 server fingerprinting with HSTS enabled, referrer policy: strict-origin, frame options: SAMEORIGIN
• June 14: Operator score 0.6522 (Moderate classification)
• Geo Validation: Mixed signals—some observations plausible, others showing 454km distance from claimed coordinates

Trend: IP profile has remained stable with no significant risk escalation detected over the observation period.

---

## Network Relationships

Relationship Count: 52 associations

Key Associations:

• Same Network: Multiple entries linked to CLOUD-FSN1 network identifier
• DNS Associations: static.189.190.34.188.clients.your-server.de

Campaign Correlation:

• Campaign Likelihood: None
• Certificate Matches: 0
• Banner Matches: 0
• Correlated IPs: 0

---

## Neighborhood Analysis

Subnet: 188.34.190.189/24

Metrics:

• Neighbor Count: 0 (discovered neighbors)
• Abuse Density: 0%
• Classification: Mostly Clean
• Inherited Risk: 2
• Total Siblings: 1
• Active Siblings: 1
• Threat Siblings: 1

Risk Distribution: High: 0, Medium: 0, Low: 0

---

## Recommended Actions

Security Recommendations:

No specific security recommendations generated due to moderate risk profile and lack of direct threat indicators. However, the following firewall rules are available for consideration:

Firewall Rules:

iptables:

```

iptables -A INPUT -s 188.34.190.189 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 188.34.190.189 drop

```

nginx:

```

deny 188.34.190.189;

```

pfSense:

```

188.34.190.189/32

```

Cloudflare WAF:

```json

{

"description": "Block 188.34.190.189 — IPDebrief risk score 40",

"action": "block",

"filter": {

"expression": "ip.src eq 188.34.190.189"

}

}

```

AWS WAF:

```json

{

"Addresses": ["188.34.190.189

AWS WAF:

```json

{

"Addresses": ["188.34.190.189/32"],

"Description": "IPDebrief risk 40"

}

```

---

## Threat Assessment

Current Risk Level: Moderate Risk (40/100)

Key Risk Factors:

• DNSBL listings (2 of 8 total lists)
• Operator classification: Moderate (score 0.6522)
• Hosting infrastructure type (potential for abuse)
• Geographic proximity to high-density hosting region

Mitigating Factors:

• No direct threat indicators observed
• No known campaign associations
• Email authentication properly configured (SPF, DMARC)
• HSTS enabled on web server
• Stable BGP route history with no recent changes

---

## Intelligence Conclusions

IP address 188.34.190.189 presents a moderate-risk profile consistent with standard hosting infrastructure. The IP is owned by Hetzner Online GmbH, a legitimate cloud hosting provider, and operates legitimate services (web, SSH, HTTPS). While the IP shows some DNSBL listings and moderate operator classification, no active malicious behavior has been observed in the historical record.

Recommended SOC Actions:

1. Monitor for increased abuse activity or escalation in threat signals

2. Review any security alerts generated from this IP range

3. Consider adding to watchlist for intelligence correlation

4. Evaluate against existing threat intelligence feeds for context

Priority: Low-Medium

Action Required: Monitor and Correlate

---

*Report generated by IPDebrief Intelligence Platform. Data sourced from network probes, DNS lookups, and threat intelligence feeds as of June 2026.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.