IP Intelligence Briefing: 91.98.215.154
Date: 2026-06-15
---
**1. Risk Profile**
- Risk Score: Moderate (40/100)
- Provider: Hetzner Online GmbH (ASN 24940)
- Geolocation: Germany (DE), coordinates 51.17°N, 10.45°E
- Network Role: CloudCompute infrastructure (Hosting, Web Server)
- Threat Indicators: No malicious activity detected (zero threat feeds, no blacklists, no campaign associations).
---
**2. Network & Subnet Analysis**
- Subnet: 91.98.215.154/24
- Abuse Density: 1/10 (low risk)
- Neighboring IPs: No active IPs identified in the subnet (neighbors tool returned zero results).
- BGP Context:
  - Origin ASN: 24940 (HOS-GUN)
  - BGP Prefix: 91.98.0.0/16
  - Route Stability: Unstable (routeChanges30d = 0, isRouteStable = false).
---
**3. Service & Technical Observations**
- Open Ports:
  - TCP 80 (HTTP), 443 (HTTPS), 22 (SSH)
  - SSH Banner: `SSH-2.0-OpenSSH_10.0p2 Debian-7`
- Web Server:
  - Caddy HTTP/2 server (Gunicorn backend)
  - HTTP/2 enabled; HSTS and CSP headers configured.
  - No suspicious banners or certificates detected.
- DNS:
  - PTR hostname: `static.154.215.98.91.clients.your-server.de`
  - SPF/DKIM/DMARC records present (no email-based threats detected).
---
**4. Temporal & Behavioral Trends**
- Observation History:
  - Two distinct observations (June 7 and 14, 2026) showing consistent HTTP/2 service behavior.
  - No significant changes in risk scores or network activity.
- Persistence:
  - No signs of persistent malicious activity (threatPersistenceDays = 0).
---
**5. Relationships & Associations**
- DNS Associations:
  - Linked to `your-server.de` (hostname: `static.154.215.98.91.clients.your-server.de`).
- Network Relationships:
  - Shared subnet with HOS-GUN (ASN 24940).
  - No correlated IPs or campaigns detected.
---
**6. Recommendations**
- Monitor: Track changes in BGP routes or DNS records for the subnet.
- Secure: Ensure web server (Caddy/Gunicorn) is patched and configured with strict security headers.
- Investigate: Verify ownership of `your-server.de` and check for unauthorized subdomains.
- Firewall: Consider blocking unused ports (e.g., 80/443) if non-essential for the service.
---
Tools Used: ipdebrief_profile, ipdebrief_history, ipdebrief_relationships, ipdebrief_neighbors.
Note: No immediate threat detected, but ongoing monitoring is advised due to cloud infrastructure risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | HOS-GUN |
| ASN | AS24940 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | static.154.215.98.91.clients.your-server.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | static.154.215.98.91.clients.your-server.de |
DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_10.0p2 Debian-7 |
TLS Certificate
was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | None |
| Valid From | 2026-05-30T06:52:13+00:00 |
| Valid Until | 2026-05-30T18:52:13+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256ECDSA |
| Validity Period | 0 days |
| Serial Number | 00A3D19A42F0535495F32381969C5072DA |
| Thumbprint | C5E905EAC1413FC67A620522397F780D4394B460 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Mostly Consistent (85%), 1 contradiction(s) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-14 23:36:57 UTC |
| Last Seen | 2026-06-28 01:48:06 UTC |
| Profile Built | 2026-06-28 19:53:12 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |