# IP INTELLIGENCE BRIEFING
Target: 188.40.28.15/32
Classification: MODERATE RISK
Date: 2026-06-21
---
## EXECUTIVE SUMMARY
IP 188.40.28.15 is a cloud-hosted web server operated by Hetzner Online GmbH (ASN 24940) in Bavaria, Germany. The IP presents a moderate risk score of 65/100 with no known malicious campaigns. Despite the elevated risk classification, the subnet shows clean classification with zero threat siblings. The IP is associated with domain www235.your-server.de and hosts standard web services (HTTP/HTTPS/SSH).
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Provider** | Hetzner Online GmbH |
| **ASN** | 24940 (HETZNER-nbg1-dc1) |
| **CIDR Block** | 188.40.28.0/23 |
| **Location** | Gunzenhausen, Bavaria, Germany (51.17°N, 10.45°E) |
| **Infrastructure Type** | Cloud Compute |
| **Risk Score** | 65/100 (Moderate) |
---
## NETWORK CLASSIFICATION
- DNS Hostname: www235.your-server.de
- Domain: your-server.de
- Open Ports: 22/SSH, 80/HTTP, 443/HTTPS
- Server Banner: Apache (HTTP/2.0 enabled)
- TLS Certificate: DigiCert issued for CN=*.your-server.de
- Email Authentication: SPF and DMARC configured
- Cloud Hosting: Yes
---
## THREAT INTELLIGENCE
Current Indicators:
- DNSBL Listings: 3 of 8 total lists
- Known Campaigns: None detected
- Tor Exit Node: No
- Spam Source: No
- Known Attacker: No
- Blacklist Count: 0 (abuseConfidenceScore null)
Temporal Analysis:
- 24 historical observations collected
- Recent signals confirm ASN 24940 Hetzner association
- Network classification: CLEAN
- Control plane: Route stability flagged as false, BGP prefix changes observed
---
## NEIGHBORHOOD ANALYSIS
Subnet: 188.40.28.15/24
- Abuse Density: 0 (clean classification)
- Active Siblings: 3
- Threat Siblings: 0
| Neighbor IP | Risk Score | Authority Score |
|---|---|---|
| 188.40.28.21 | 25 | 60 |
| 188.40.28.36 | 40 | 60 |
No high-risk neighbors detected in immediate subnet vicinity.
---
## RELATIONSHIP MAPPING
Primary Associations:
- DNS: www235.your-server.de (12 relationship records)
- Network: HETZNER-nbg1-dc1 (same network)
---
## OBSERVATION HISTORY
Key signals from recent observations:
- CAA, DNSSEC, and FCRDNS validation data collected
- HTTP server fingerprint: Apache with HTTP/2, 404 status codes observed
- Response time: ~366ms (TTFB)
- Security headers: CSP, HSTS, and referrer policy absent
---
## SECURITY RECOMMENDATIONS
MONITORING
- Increase logging verbosity and review recent activity from this IP (severity: HIGH)
- Monitor for route stability changes in BGP prefix 188.40.0.0/16
FIREWALL RULES
Deploy the following blocking rules only if the assessed risk justifies blocking:
iptables:
```bash
iptables -A INPUT -s 188.40.28.15 -j DROP
```
nftables:
```bash
nft add rule inet filter input ip saddr 188.40.28.15 drop
```
nginx:
```nginx
deny 188.40.28.15;
```
AWS WAF:
```json
{
  "Addresses": ["188.40.28.15/32"],
  "Description": "IPDebrief risk 65"
}
```
---
## ASSESSMENT
The IP presents moderate risk, primarily due to DNSBL listings (3/8) and control plane instability flags. However, the subnet demonstrates clean classification with no threat siblings. The infrastructure is legitimate cloud hosting with proper email authentication. SOC analysts should monitor for elevated activity but may classify the IP as LOW-PRIORITY if no specific threat indicators correlate.
---
Prepared by: IPDebrief Intelligence Analysis
Classification: INTERNAL USE ONLY
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | HETZNER-nbg1-dc1 |
| CIDR Block | 188.40.28.0/23 |
| RIR | RIPE |
| Country | DE |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | www235.your-server.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | www235.your-server.de |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
| SSH Version | `SSH-2.0-mod_sftp`, followed by a truncated key-exchange algorithm list: `curve448-sha512,curve25519-sha256,diffie-hellman-group-exchange-` |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | *.your-server.de, your-server.de |
| Valid From | 2025-10-10T00:00:00+00:00 |
| Valid Until | 2026-11-02T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 388 days |
| Serial Number | 0B6BC13677DD1CF6101E67E2AEB58D11 |
| Thumbprint | 2409AAE2DEB39FACC2D7A23F8A01627922A0E608 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 35% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 17% | 1 | 1 |
| Overall | 29% | 9 | 14 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-06-15 11:54:28 UTC |
| Last Seen | 2026-06-21 23:12:22 UTC |
| Profile Built | 2026-06-21 23:20:05 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |