65.109.87.150

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 65.109.87.150/32

## Executive Summary

Target IP 65.109.87.150 is a low-risk web hosting endpoint operated by Hetzner Online GmbH (AS24940) in Helsinki, Finland. The IP demonstrates consistent web server behavior with no active threat indicators, but requires monitoring for potential hosting infrastructure abuse.

## Network Profile

Organization: Hetzner Online GmbH - Contact Role
ASN: 24940 (Hetzner)
Location: Helsinki, Finland (FI) / Uusimaa
CIDR Block: 65.109.0.0/16 (BGP prefix: 65.109.0.0/16)
Classification: Web Hosting Infrastructure
DNS Record: static.150.87.109.65.clients.your-server.de (your-server.de)
PTR Reverse: static.150.87.109.65.clients.your-server.de

## Service Exposure

Port	Protocol	Service	Server Banner
443	TCP	HTTPS	nginx/1.31.0
22	TCP	SSH	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
8080	TCP	HTTP-alt	nginx/1.31.0

TLS certificate issued for api.betralf.com. HTTP/2 enabled.

## Risk Assessment

Risk Score: 25 (Low)
Provider Score: 0
Abuse Confidence: Not elevated
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Blacklist Status: Listed on 1 DNSBL out of 8 total checks

## Historical Behavior (22 Observations)

The IP has demonstrated consistent web server behavior over the observation period:

June 2026: Consistent HTTPS responses (status 200), nginx/1.31.1 server fingerprint, Next.js application detected, HTTP/2 enabled
Operator Score: 0.3478 (Basic classification)
No observable escalation in threat profile or service behavior
Ownership stability: No changes recorded

## Network Relationships

DNS Associations: static.150.87.109.65.clients.your-server.de (repeated entries)
Network Association: DE-HETZNER-20010209
Total Relationships: 44 unique entities
Campaign Correlation: None detected

## Neighborhood Analysis (Subnet: 65.109.87.150/24)

Abuse Density: 1 (low)
Classification: Mostly Clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
Inherited Risk: 2

## Recommendations

1. Block SSH access (port 22) from untrusted sources if internal policy prohibits SSH exposure

2. Monitor port 8080 for HTTP-alt traffic patterns; verify legitimate business use

3. No immediate blocking required based on current risk profile

4. Add to allow-list if this IP is a known legitimate service endpoint

5. Monitor for changes in DNS records or certificate rotation indicating infrastructure changes

## Threat Indicators

Campaign Likelihood: None
Cert Matches: 0
Banner Matches: 0
Correlated IPs: 0

---

*Generated from IPDebrief intelligence data. Classification: Defensive Security Analysis.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇮 Finland
Region	Uusimaa
City	Helsinki
Timezone	Europe/Helsinki
Latitude	60.17
Longitude	24.93

🏢 Ownership & Registration

Organization	Hetzner Online GmbH - Contact Role
ASN	AS24940
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	static.150.87.109.65.clients.your-server.de
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`static.150.87.109.65.clients.your-server.de`

🔐 DNS Hygiene

Hygiene Score	100% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
8080	http-alt	tcp	—
Closed Ports	25, 80, 3389, 8443 (3 open / 7 scanned)

Server	nginx/1.31.0
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=api.betralf.com

Issued by CN=api.betralf.com

Self-signed: Yes

SANs	None
Valid From	2026-05-14T12:49:17+00:00
Valid Until	2036-05-11T12:49:17+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	2D0CFFC91D7979F6F4C31F08BE8B4F06681BB2F6
Thumbprint	122368EED1EB00DC71CD73204B93166719E4A9B4

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	13%	1	1
services	30%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	25%	2	2
Overall	24%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-16 08:57:34 UTC
Last Seen	2026-06-28 03:30:42 UTC
Profile Built	2026-06-28 21:36:22 UTC
Data Freshness	Live
Signal Types	22
Total Observations	26

🔍 22 signal types · 26 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

65.109.87.150📋 Copy