37.27.109.71
IP Intelligence Briefing: 37.27.109.71
Date: 2026-06-12
---
**1. Risk Profile**
- Risk Score: 65/100 (Moderate Risk)
- Provider: Hetzner Online GmbH (AS24940)
- Geolocation: Helsinki, Finland (FI)
- Network Role: CloudCompute (Hosting/Virtualized)
- Threat Indicators: No active malicious activity detected.
---
**2. Key Observations**
- Ownership:
- Registered to Hetzner Online GmbH (RIPE RIR).
- Subnet: 37.27.0.0/16, with no abuse density reported.
- Network Behavior:
- Associated with `vhosts.flowhost.io` (DNS PTR records).
- No open ports or TLS services detected.
- BGP prefix stable (no recent route changes).
- Threat History:
- No confirmed spam, attacker, or Tor exit node activity.
- Moderate risk score linked to potential future threats (monitoring advised).
---
**3. Relationships & Dependencies**
- Network Links:
- Part of the Hetzner network (DE-HETZNER-20111228).
- No malicious sibling IPs in the 37.27.109.71/24 subnet.
- DNS Associations:
- Resolves to `vhosts.flowhost.io` (SPF/DMArc configured).
- No email-related threats detected.
---
**4. Neighborhood Analysis**
- Subnet: 37.27.109.71/24
- Abuse Density: 0% (clean subnet).
- Neighbors: No active or malicious IPs in the subnet.
---
**5. Recommended Actions**
- Monitoring:
- Increase logging verbosity for traffic originating from this IP.
- Review DNS activity for `vhosts.flowhost.io` for anomalies.
- Firewall Rules:
- Block the IP using:
```bash
iptables -A INPUT -s 37.27.109.71 -j DROP
nft add rule inet filter input ip saddr 37.27.109.71 drop
```
- Update WAF rules (Cloudflare/AWS) to block this IP.
---
**6. Summary**
The IP is part of a Hetzner-hosted network in Finland, associated with a hosting domain. No active threats detected, but its moderate risk score suggests ongoing monitoring is warranted. Ensure DNS and network traffic from this IP are scrutinized for potential future risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | DE-HETZNER-20111228 |
| CIDR Block | 37.27.0.0/16 |
| RIR | RIPE |
| Country | FI |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | vhosts.flowhost.io |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | vhosts.flowhost.io |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-01 17:54:16 UTC |
| Last Seen | 2026-06-21 07:55:11 UTC |
| Profile Built | 2026-06-21 07:57:06 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.