IP Intelligence Briefing: 91.99.139.53
Date: 2026-06-16
---
**Overview**
- Risk Score: 80 (High Risk)
- Provider: Hetzner Online GmbH (Cloud Compute)
- Geolocation: Germany (Berlin), RIPE network
- Network Role: Cloud-hosted infrastructure (no services open)
- Threat Indicators: No active malicious signals detected
---
**Key Findings**
1. Ownership & Provider
- Registered with Hetzner Online GmbH, a German cloud hosting provider.
- Subnet: 91.99.128.0/20 (associated with Hetzner's infrastructure).
2. DNS & Email Security
- Linked to `your-server.de` via PTR record (`static.53.139.99.91.clients.your-server.de`).
- SPF and DMARC records detected, but no TLS certificate or email authentication details.
3. Threat & Abuse
- No direct malware, phishing, or exploit indicators.
- Flagged on 4/8 DNSBL lists (high-severity abuse confidence).
- No historical threat persistence or enumeration activity.
4. Network Behavior
- No open ports or active services detected.
- BGP route stability: Unstable (potential routing anomalies).
- No neighboring IPs in the subnet (abuse density: 0%).
---
**Recommendations**
- Monitor DNSBL Listings: Investigate the 4 DNSBL entries (e.g., Spamhaus, Project Honey Pot) to assess potential abuse.
- Verify Email Security: Confirm SPF/DMARC alignment with email security policies.
- Check Provider Security: Review Hetzner's compliance practices for cloud-hosted assets.
- Enable Network Monitoring: Continuously track routing stability and unexpected DNS changes.
---
**Conclusion**
This IP is a cloud-hosted server with no active malicious activity but carries a high risk score due to DNSBL associations and provider context. While not currently malicious, its infrastructure may be used for legitimate but risky purposes. SOC teams should prioritize monitoring for unexpected behavior or changes in DNS/routing patterns.
Tools Used: IPDebrief Profile, History, Relationships, Neighbors.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | CLOUD-NBG1 |
| CIDR Block | 91.99.128.0/20 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR | static.53.139.99.91.clients.your-server.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | static.53.139.99.91.clients.your-server.de |
**DNS Hygiene**
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 17% | 1 | 1 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 17% | 1 | 1 |
| Overall | 21% | 8 | 10 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline (Live)**
| First Seen | 2026-06-12 21:36:12 UTC |
| Last Seen | 2026-06-21 20:15:58 UTC |
| Profile Built | 2026-06-21 20:33:32 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |