95.216.3.239

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 95.216.3.239/32

## Executive Summary

IP address 95.216.3.239 is a low-risk (Risk Score: 25) infrastructure endpoint operating within the Hetzner Online GmbH cloud infrastructure in Helsinki, Finland. The IP exhibits characteristics of legitimate cloud hosting with no active threat indicators, open services, or malicious behavioral patterns. No immediate blocking or mitigation actions are recommended.

## Ownership and Infrastructure

ASN: 24940 (Hetzner Online GmbH)
Network: 95.216.0.0/16
Organization: Hetzner Online GmbH - Contact Role
RIR: Ripe
Infrastructure Type: CloudCompute / Hosting
Geolocation: Helsinki, Finland (FI), 60.1719°N, 24.9347°E
Geographic Validation: Plausible (1411km distance, avg RTT 129.2ms across 5 probes)

## Network Role and Services

Provider: Hetzner
Status: Cloud-computing infrastructure with hosting services
Open Ports: None detected (firewalled/no services exposed)
DNS Forward Resolution: mail.omnesmag.com
PTR Record: static.239.3.216.95.clients.your-server.de
DNSSEC: Valid

## Threat Assessment

Reputation: Low Risk
Threat Indicators: None
Blacklist Status: Not listed on major blacklists
DNSBL Listings: 1 out of 8 total checks
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Affiliation: None identified

## Historical Analysis

23 observations collected through 2026-06-28 indicate stable infrastructure behavior with consistent geolocation data and no escalation in threat signals. The IP demonstrates persistent ownership without malicious activity. Signal history shows:

Stable geographic attribution to Helsinki
Consistent network routing through Hetzner infrastructure
No emergence of new threat indicators

## Relationship Intelligence

The IP maintains 45 documented relationships, primarily:

DNS associations with your-server.de domain hostnames
Network associations with Hetzner Helsinki datacenter (HETZNER-hel1-dc2)
Standard hosting infrastructure connections

## Neighborhood Analysis (95.216.3.0/24)

Abuse Density: Minimal
Classification: Mostly clean
Active Siblings: 1
Threat Siblings: 1 (isolated, not indicative of coordinated activity)
High-Risk Neighbors: 0

## Recommended Actions

No specific firewall rules or blocking recommendations are generated at this time. The IP exhibits normal cloud hosting behavior with no actionable threat indicators. Standard network policies apply.

## Intelligence Notes

The IP address represents legitimate cloud infrastructure from a major European hosting provider. The minimal DNSBL listing and single threat sibling within the /24 subnet suggest either temporary scanning activity or false positives. No correlation with known attack campaigns or coordinated malicious infrastructure has been identified.

Classification: LOW RISK - Routine monitoring advised

Last Updated: 2026-06-28

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇫🇮 Finland
Region	18
City	Helsinki
Timezone	Europe/Helsinki
Latitude	60.17
Longitude	24.93

🏢 Ownership & Registration

Organization	Hetzner Online GmbH - Contact Role
ASN	AS24940
Network Name	—
CIDR Block	—
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	static.239.3.216.95.clients.your-server.de
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`mail.omnesmag.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u7
8443	https-alt	tcp	—
Closed Ports	25, 3389, 8080 (4 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u7

🔐 TLS Certificate

🔒

CN=omnesmag.com

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

SANs	omnesmag.com
Valid From	2026-05-03T15:54:38+00:00
Valid Until	2026-08-01T15:54:37+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	06D95656B8DED7AE3E2467133BF7325D240C
Thumbprint	6396BF461F3575C57E1398E4EA38E3B28EAC6281

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	3
routing	13%	1	1
services	33%	2	4
ownership	20%	2	3
reputation	28%	1	3
geolocation	39%	2	3
Overall	27%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 03:11:02 UTC
Last Seen	2026-06-28 18:08:49 UTC
Profile Built	2026-06-29 06:11:23 UTC
Data Freshness	Live
Signal Types	22
Total Observations	26

🔍 22 signal types · 26 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

95.216.3.239📋 Copy