95.182.97.39

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 95.182.97.39/32

Classification: LOW RISK | Date: 2026-06-25

## Executive Summary

IP 95.182.97.39 is a low-risk web server endpoint operating within the 95.182.97.0/24 subnet under ASN 56971 (MNT-NETART). Current risk assessment scores 25/100. No active threat indicators observed, with zero blacklist enumerations. The subnet maintains a clean abuse classification (0% abuse density).

## Risk Profile

Metric	Value	Assessment
Risk Score	25	LOW
Reputation	Low Risk	ACCEPTABLE
Provider Score	0	N/A
Authority Score	0	N/A
Operator Score	0.1304	MINIMAL

## Technical Characteristics

Geolocation: France (FR) – Montserrat region (750km accuracy radius)

Network Role: Web Server (gws server fingerprint)

ASN: 56971 (CloudBackbone network)

RIR: Ripe

Route Status: Stable (0 changes in 30 days)

Open Ports:

TCP/443 (HTTPS) – Active
TCP/22 (SSH) – Active (OpenSSH_8.9p1 Ubuntu)

DNS Configuration:

Forward Resolution: Not confirmed
Hosted Domains: 0
Email Authentication: No SPF, No DMARC
DNSSEC: Valid
DNSBL: 1/8 lists

## Threat Indicators

Known Attacker: No
Spam Source: No
Tor Exit Node: No
Proxy/VPN: No
Known Campaigns: None detected
Blacklist Count: 0
Pulsedive Risk: N/A

## Related Infrastructure

Relationship Graph: 23 relationships identified to CloudBackbone network infrastructure

Neighborhood (95.182.97.0/24): 2 total siblings, 1 active

Neighbor IP: 95.182.97.162 (Risk Score: 0)

Subnet Abuse Density: 0%

## Historical Trends

22 observations recorded since tracking began. No persistent malicious activity detected. Threat observation count: 0. Ownership changes: 0. The IP maintains consistent service behavior with 301 HTTP redirects and HTTP/2 enabled.

## Recommended Actions

Immediate Action: No blocking required

Firewall Rules: None recommended

Monitoring Priority: Low

Rationale: The IP presents standard web server behavior with minimal risk characteristics. However, the presence of SSH access (port 22) and the "invalid2.invalid" TLS certificate configuration warrants continued observation. No immediate threat justification exists for defensive action.

SOC Guidance: Monitor for any changes in service behavior or threat indicator emergence. No current evidence of malicious activity or compromised infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇷 France
Region	VC
City	Montserrat
Timezone	Europe/Paris
Latitude	48.86
Longitude	2.35

🏢 Ownership & Registration

Organization	MNT-NETART
ASN	AS56971
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
Closed Ports	25, 80, 3389, 8080, 8443 (2 open / 7 scanned)

Server	gws
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=invalid2.invalid, OU=No SNI provided - please fix your client.

Issued by CN=invalid2.invalid, OU=No SNI provided - please fix your client.

Self-signed: Yes

SANs	invalid2.invalid
Valid From	2026-05-18T19:41:24+00:00
Valid Until	2026-08-10T19:41:23+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	83 days
Serial Number	771D1F5358D3952DE2201683567B21D0
Thumbprint	FEF8D9C713F1C1BB594B273732AC3B0E4447EAA6

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	3
routing	13%	1	1
services	30%	2	4
ownership	20%	2	3
reputation	13%	1	2
geolocation	27%	2	3
Overall	21%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: ES, FR

📅 Observation Timeline 🔄 Live

First Seen	2026-05-09 17:41:55 UTC
Last Seen	2026-06-25 20:19:51 UTC
Profile Built	2026-06-25 20:26:21 UTC
Data Freshness	Live
Signal Types	20
Total Observations	20

🔍 20 signal types · 20 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

95.182.97.39📋 Copy