88.198.64.173

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 88.198.64.173/32

Classification: Moderate Risk Web Infrastructure

Report Date: June 14, 2026

---

## EXECUTIVE SUMMARY

IP 88.198.64.173 is a German web hosting endpoint operating within the Hetzner Online GmbH cloud infrastructure. The IP presents a moderate risk profile (55/100) with evidence of infrastructure hosting services. While the IP itself is not flagged as a direct threat source, neighborhood analysis indicates the presence of one malicious sibling in the same /24 subnet.

---

## INFRASTRUCTURE PROFILE

Attribute	Value
Organization	Hetzner Online GmbH (ASN 24940)
Location	Falkenstein, Saxony, Germany (51.17°N, 10.45°E)
CIDR Block	88.198.0.0/16 (BGP Origin)
Infrastructure Type	CloudCompute / Web Hosting
Network Role	Web Server
DNS Resolution	mail.bluost.net (Forward Confirmed)

---

## NETWORK SERVICES

Port	Protocol	Service	Status
80	TCP	HTTP	Open
443	TCP	HTTPS	Open
8443	TCP	HTTPS-Alt	Open

TLS Certificate Analysis:

Issuer: Let's Encrypt (R13)
Subject: panel.bluost.net
Certificate Type: Valid, not self-signed

Server Fingerprint:

Web Server: Apache
Management Platform: PleskLin
HTTP Version: 1.1
Status Code: 303 (Redirection)
Security Headers: X-Frame-Options: SAMEORIGIN

---

## EMAIL AUTHENTICATION

SPF: Configured
DMARC: Configured
PTR Hostname: mail.bluost.net
Forward Resolution: mail.bluost.net

---

## THREAT ASSESSMENT

Risk Score: 55 (Moderate Risk)

Threat Indicators:

No active threat indicators detected
Not a Tor exit node
Not classified as a known attacker
Not a spam source
Zero active blacklist entries

Control Plane Metrics:

DNSBL Listings: 3 (of 8 total lists)
Operator Score: 0.2609 (Basic)
Route Stability: False
RPKI State: Not validated

---

## SUBNET ANALYSIS

Neighborhood: 88.198.64.173/24

Abuse Density: 1/10 (Low)
Classification: Mostly Clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1

Neighboring IP Risk Distribution:

High Risk: 0
Medium Risk: 0
Low Risk: 0

---

## OBSERVATION HISTORY

Total Observations: 23 signals recorded

Most Recent Activity: June 14, 2026

Key Historical Signals:

HTTP response fingerprinting (PleskLin generator)
Geolocation inference (Germany, 400km accuracy radius)
DNSSEC validation status
HTTP security header configuration

Temporal Indicators:

Threat Persistence Days: 0
Ownership Changes: 0
Persistently Malicious: False

---

## RELATIONSHIP MAPPING

Total Relationships Identified: 45

Key Associations:

Network: HETZNER-ONLINE-AG-EIGENE-NETZE (Same Network)
DNS: mail.bluost.net (DNS Association)

---

## RECOMMENDED ACTIONS

Security Posture: Monitor

Classification: Low-Priority Infrastructure

Recommended Monitoring:

1. Track 88.198.64.0/24 for emerging threats (1 threat sibling present)

2. Monitor mail.bluost.net domain for abuse indicators

3. Review 3 DNSBL listings for context and potential false positives

No immediate blocking recommended. The IP operates as legitimate web hosting infrastructure with no direct threat indicators. Monitor neighborhood for related malicious activity.

---

Analysis Tool: IPDebrief

Data Confidence: High (Multi-source consensus)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Saxony
City	Falkenstein
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	Hetzner Online GmbH - Contact Role
ASN	AS24940
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	mail.bluost.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`mail.bluost.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

CN=panel.bluost.net

Issued by CN=R13, O=Let's Encrypt, C=US

Self-signed: No

SANs	panel.bluost.net
Valid From	2026-05-14T13:10:37+00:00
Valid Until	2026-08-12T13:10:36+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	051DBD9B8EFD202B2F9C482B1C49FCD972EE
Thumbprint	EB7EC089A957498098B46628C228D74638E0A078

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	35%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	30%	2	3
Overall	26%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:40 UTC
Last Seen	2026-06-27 09:34:38 UTC
Profile Built	2026-06-28 03:41:12 UTC
Data Freshness	Live
Signal Types	24
Total Observations	28

🔍 24 signal types · 28 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

88.198.64.173📋 Copy