# IP Intelligence Briefing: 91.98.167.31/32
## Executive Summary
IP address 91.98.167.31 is a moderate-risk cloud computing resource hosted on Hetzner Online GmbH infrastructure in Nuremberg, Germany. The address operates as a web server with standard HTTP/HTTPS services and SSH access. Risk scoring indicates moderate concern (40/100), though no active threat indicators or known campaigns were identified.
## Risk Profile
- Risk Score: 40 (Moderate Risk)
- Classification: CloudCompute/Hosting infrastructure
- Provider: Hetzner Online GmbH (AS24940)
- Network Block: 91.98.167.0/24 (CLOUD-NBG1)
- Abuse Confidence: Not classified as known attacker or spam source
## Geolocation
- Country: Germany (DE)
- Region: Bavaria
- City: Nuremberg
- Coordinates: 51.17°N, 10.45°E
- Geo Validation: Plausible (ICMP probe blocked)
## Network Services
- Open Ports: 22/SSH, 80/HTTP, 443/HTTPS
- TLS Certificate: TRAEFIK DEFAULT CERT (proxy/ingress controller)
- PTR Record: static.31.167.98.91.clients.your-server.de
- Infrastructure Type: Cloud hosting provider
## Threat Indicators
- Blacklist Status: Not listed on any known threat feeds
- DNSBL Listings: 2 of 8 total lists
- Campaign Correlation: None detected
- Tor Exit Node: No
- Known Attacker: No
## Relationship Graph
The IP maintains 41 documented relationships, including DNS associations and network topology connections to CLOUD-NBG1. No correlated malicious entities or campaign participants were identified.
## Neighborhood Analysis (91.98.167.0/24)
- Subnet Classification: Mostly clean
- Abuse Density: 0 (low)
- Neighbor Count: 1 (91.98.167.226)
- Risk Distribution: 1 medium-risk neighbor
- Inherited Risk Score: 5
- Threat Siblings: 2
## Observation History
Signal observation history contains 26 data points. Recent observations (2026-06-21) show stable geolocation and network classification. The IP demonstrates minimal threat persistence with a single threat observation recorded.
## Recommended Security Actions
Despite moderate risk classification, no automated security actions were recommended. The following rules may be implemented for defense-in-depth:
- Firewall: Block or monitor traffic from 91.98.167.31/32
- WAF Rules: Configure rules to allow traffic but monitor for anomalies
- Recommendation: Implement rate limiting and connection monitoring due to moderate risk score
## Assessment
IP 91.98.167.31 represents legitimate cloud hosting infrastructure with moderate-risk classification. The absence of known threat indicators, combined with stable geolocation and minimal neighborhood activity, suggests operational cloud services rather than malicious activity. The moderate risk score (40) warrants monitoring but does not indicate immediate threat.
Recommendation: Monitor traffic patterns and DNS activity. No immediate blocking required unless additional threat intelligence emerges.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | CLOUD-NBG1 |
| CIDR Block | 91.98.160.0/20 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | static.31.167.98.91.clients.your-server.de |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | static.31.167.98.91.clients.your-server.de |
๐ DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | 0021c9c8c4fa1ec203c0140a7e622b61.e3112ce5538b709f90a9d3adee9d28c1.traefik.default |
| Valid From | 2026-06-11T15:47:46+00:00 |
| Valid Until | 2027-06-11T15:47:46+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 5F6AB38296AB1ADB89A4A5D6918F1042 |
| Thumbprint | 825B9EE99CF242B77CF0357E02B9B602688B139D |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-31 11:15:18 UTC |
| Last Seen | 2026-06-29 08:40:47 UTC |
| Profile Built | 2026-06-29 08:44:47 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 27 |
Full dossier details are available via our API.