91.99.9.253📋 Copy

# IP Intelligence Briefing: 91.99.9.253

Classification: Moderate Risk (Score: 40)

Date: June 2026

Intel Source: IPDebrief Network Intelligence Platform

---

## Executive Summary

IP 91.99.9.253 is a single-service host within the Hetzner Online GmbH infrastructure in Falkenstein, Saxony, Germany. The IP demonstrates moderate risk characteristics with DNS blacklist presence but lacks definitive malicious indicators. Infrastructure is classified as hosting with active SSH service exposure.

---

## Technical Profile

---

## Network Infrastructure

• Provider: Hetzner Online GmbH (German hosting provider)
• Network Range: 91.99.0.0/16
• BGP Prefix: 91.99.0.0/16
• Route Stability: Unstable (route changes detected)
• Cloud Status: Hosted infrastructure identified
• ISP Classification: Hosting provider (not CDN, VPN, or proxy)

---

## Observed Services

Open Ports:

• TCP/22 (SSH): Open with banner "SSH-2.0-OpenSSH_10.2p1 Ubuntu-2ubuntu3.2"

DNS Configuration:

• Forward resolution: Confirmed (1 hostname)
• PTR record: static.253.9.99.91.clients.your-server.de
• SPF Record: Present
• DMARC Record: Present
• Forward hostnames: 1 (your-server.de ecosystem)

---

## Threat Indicators

---

## Neighborhood Analysis (91.99.9.0/24)

• Abuse Density: 1 (on scale 0-4)
• Subnet Classification: Mostly Clean
• Total Siblings: 1
• Active Siblings: 1
• Threat Siblings: 1
• Inherited Risk Score: 2
• Risk Distribution: High (0), Medium (0), Low (0)

---

## Relationship Graph

• DNS Associations: static.253.9.99.91.clients.your-server.de (multiple entries)
• Network Associations: CLOUD-FSN1 (Hetzner cloud datacenter network)
• Total Relationships: 54 identified connections
• Primary Domain: your-server.de

---

## Observation History

Total Observations: 23 signals recorded

Recent Signals:

• June 28, 2026: Cloud infrastructure classification (confidence: 90%)
• June 20, 2026: Abuse density monitoring (confidence: 40%)
• June 20, 2026: Ownership stability signals (confidence: 85%)
• June 20, 2026: Threat list monitoring (confidence: 20%)

Temporal Indicators:

• Ownership Changes: 0
• Threat Persistence Days: 0
• Persistently Malicious: No
• Threat Observation Count: 1

---

## Recommended Actions

Based on risk profile and observed signals, the following defensive measures are recommended:

Immediate Firewall Rules

iptables:

```

iptables -A INPUT -s 91.99.9.253 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 91.99.9.253 drop

```

nginx:

```

deny 91.99.9.253;

```

pfSense:

```

91.99.9.253/32

```

Cloudflare WAF:

```json

{

"description": "Block 91.99.9.253 — IPDebrief risk score 40",

"action": "block",

"filter": {"expression": "ip.src eq 91.99.9.253"}

}

```

AWS WAF:

```json

{

"Addresses": ["91.99.9.253/32"],

"Description": "IPDebrief risk 40"

}

```

---

## Intelligence Assessment

IP 91.99.9.253 presents moderate risk due to DNS blacklist presence and routing instability within the Hetzner hosting infrastructure. While no active malicious campaigns or known attacker signatures have been identified, the IP's association with your-server.de and its position within the CLOUD-FSN1 datacenter network warrants continued monitoring.

The subnet-level analysis indicates one threat sibling within the /24, suggesting potential cluster-based activity. The SSH-only service configuration indicates this is a dedicated server host rather than a general-purpose endpoint.

Recommendation: Implement blocking measures per the firewall rules above, but consider the IP's hosting context and verify business justification before permanent takedown. Monitor for correlation with other your-server.de infrastructure IPs to determine if this represents isolated activity or coordinated behavior.

---

Generated by: IPDebrief Intelligence Platform

Classification: Defensive Security Intelligence

Authorization: SOC Analyst Review Required

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.