# IP Intelligence Briefing: 37.27.234.213/32
Classification: HIGH RISK | Report Date: 2026-06-20
## Executive Summary
IP address 37.27.234.213 presents a HIGH RISK profile with a risk score of 80/100. The endpoint is hosted on Hetzner Online GmbH infrastructure in Helsinki, Finland and operates as a web host (nginx on 80/443, OpenSSH on 22). The aggregate blacklist check is clean, but a separate DNSBL query reports 4 of 8 listings, one threat-feed observation places the address in Tehran, Iran with active threat flags, and routing for the prefix was observed as unstable.
## Technical Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 80/100 (High Risk) |
| **ASN** | 24940 (Hetzner Online GmbH) |
| **Organization** | Hetzner Online GmbH - Contact Role |
| **Geolocation** | Helsinki, Finland (FI) / RIR: RIPE |
| **Network Role** | Cloud Compute / Hosting Provider |
| **Infrastructure Type** | Cloud Compute |
| **DNSSEC Valid** | Yes |
| **Route Stability** | Unstable |
## Network Services
- Port 80/tcp: HTTP (Web Server)
- Port 443/tcp: HTTPS (Web Server)
- Port 22/tcp: SSH (OpenSSH_9.6p1 Ubuntu-3ubuntu13.16)
- Server Banner: nginx
- PTR Hostname: static.213.234.27.37.clients.your-server.de
## Threat Intelligence Assessment
- Blacklist Status: Clean (0 hits on the aggregate blacklist check)
- DNSBL Listed: 4 of 8 lists queried (this conflicts with the clean aggregate status above; re-query the individual DNSBLs before treating either result as authoritative)
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Abuse Confidence Score: Not reported
- Operator Score: 0.3478 (Basic)
## Anomalous Observations
Geolocation Discrepancy: The registry, ASN and PTR evidence (RIPE allocation, AS24940 Hetzner Online GmbH, FCrDNS-verified your-server.de hostname) all place the address in Hetzner's Finnish datacenter region, geolocated to Helsinki, while one observation dated 2026-06-20 reported Tehran, Iran together with active threat flags (3 pulse matches). A Hetzner-allocated /32 does not physically move, so the Tehran record is most plausibly geolocation metadata carried by the threat feed rather than evidence of the host relocating. Confirm which source produced it before weighting it; the pulse matches themselves are the signal worth investigating.
Control Plane Issues: BGP route instability detected (isRouteStable: False), but from a single routing source and a single observation (routing confidence 13%), so it may reflect a transient reroute rather than a hijack. DNSSEC validation succeeded; RPKI and IRR consistency were not assessed.
## Relationship Analysis
- DNS Associations: Multiple entries pointing to static.213.234.27.37.clients.your-server.de
- Network Affiliation: DE-HETZNER-20111228
- Total Relationships: 34 entities linked
## Subnet Neighborhood (37.27.234.0/24)
- Abuse Density: Low
- Classification: Mostly Clean
- Active Siblings: 1
- Threat Siblings: 1
## Observation History
24 observations tracked as of the report date. Key timeline:
- 2026-06-20: Tehran, Iran geolocation with threat indicators detected (3 pulse matches)
- 2026-06-15: DNS record activity for your-server.de; subnet abuse density signals received
- Multiple observations: Operator scoring and multi-dimensional analysis signals
## Recommended Security Actions
Priority: CRITICAL
Immediate Actions:
1. Raise logging verbosity on the perimeter, web and SSH hosts this IP can reach, and review all recent activity from it (firewall, nginx access and sshd auth logs)
2. Block at the perimeter firewall using the rules below
3. If any session from this IP reached an internal system, treat that host as a pivot point and hunt for lateral movement from it
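The log-review step above, as an added example that is not part of the original briefing: it runs a small triage over sshd and nginx log lines for one source IP and returns a verdict for the responder. The log lines are constructed for the example (they imitate Ubuntu sshd syslog entries and nginx's default `combined` format), the `PROBE_PATHS` list is an illustrative heuristic rather than a published indicator set, and the verdict thresholds are assumptions to tune to your own environment.

```python
"""Added example (not part of the briefing): triage of recent activity from
one IP across sshd and nginx logs.

Log lines below are constructed; they imitate Ubuntu sshd syslog entries and
nginx's 'combined' access-log format. PROBE_PATHS is an illustrative heuristic.
"""
import re
from collections import Counter

# Minimal sshd event matcher: auth outcome, user name and source address.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<event>Failed password|Accepted password|Accepted publickey|Invalid user) "
    r"(?:for )?(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})"
)
# nginx 'combined' prefix: client IP, timestamp, request line, status code.
NGINX_RE = re.compile(
    r'^(?P<ip>\d+(?:\.\d+){3}) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Illustrative paths that only scanners tend to request on a site that has none of them.
PROBE_PATHS = ("/wp-login.php", "/.env", "/phpmyadmin", "/.git/")


def triage(ip, sshd_lines, nginx_lines):
    """Summarise what `ip` did in the supplied logs and return a verdict."""
    ssh_events = Counter()
    ssh_users = Counter()
    for line in sshd_lines:
        m = SSHD_RE.search(line)
        if not m or m["ip"] != ip:
            continue
        ssh_events[m["event"]] += 1
        if m["event"] != "Invalid user":  # the paired 'Failed password' line counts the user
            ssh_users[m["user"]] += 1

    http_status = Counter()
    paths = Counter()
    for line in nginx_lines:
        m = NGINX_RE.match(line)
        if not m or m["ip"] != ip:
            continue
        http_status[m["status"]] += 1
        paths[m["path"]] += 1
    probe_paths = {p: n for p, n in paths.items() if p.startswith(PROBE_PATHS)}

    accepted = ssh_events["Accepted password"] + ssh_events["Accepted publickey"]
    failed = ssh_events["Failed password"]
    if accepted:
        verdict = "escalate"         # the IP got a shell: an incident, not a nuisance
    elif failed or probe_paths:
        verdict = "block_and_watch"  # brute force or scanning only: block, keep logging
    else:
        verdict = "observe"
    return {
        "ip": ip,
        "ssh_failed": failed,
        "ssh_accepted": accepted,
        "ssh_users": ssh_users,
        "http_requests": sum(http_status.values()),
        "http_status": http_status,
        "probe_paths": probe_paths,
        "verdict": verdict,
    }


# Constructed sample logs (not real captures). 203.0.113.7 and 198.51.100.4 are
# documentation addresses standing in for unrelated legitimate clients.
SSHD_SAMPLE = """\
Jun 20 04:11:58 web1 sshd[2471]: Invalid user admin from 37.27.234.213 port 51234
Jun 20 04:11:58 web1 sshd[2471]: Failed password for invalid user admin from 37.27.234.213 port 51234 ssh2
Jun 20 04:12:03 web1 sshd[2475]: Failed password for root from 37.27.234.213 port 51240 ssh2
Jun 20 04:12:09 web1 sshd[2480]: Failed password for root from 37.27.234.213 port 51244 ssh2
Jun 20 04:30:00 web1 sshd[2510]: Accepted publickey for deploy from 203.0.113.7 port 40022 ssh2: ED25519 SHA256:examplekey
""".splitlines()

NGINX_SAMPLE = """\
37.27.234.213 - - [20/Jun/2026:04:12:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
37.27.234.213 - - [20/Jun/2026:04:12:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
37.27.234.213 - - [20/Jun/2026:04:12:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Jun/2026:04:13:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/8.5.0"
""".splitlines()

if __name__ == "__main__":
    print(triage("37.27.234.213", SSHD_SAMPLE, NGINX_SAMPLE))
```

The point of separating `escalate` from `block_and_watch` is that a perimeter block is the right answer to failed logins and scanner probes, but an accepted login means the host the IP reached must be treated as compromised regardless of what the block does afterwards.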
Firewall Implementation Rules (each snippet assumes its usual context: the iptables/nftables chains already exist, the nginx `deny` sits in an http, server or location block, and the pfSense line is an alias entry):
```
# iptables: insert at the top of INPUT so the DROP precedes any earlier ACCEPT
iptables -I INPUT 1 -s 37.27.234.213 -j DROP
# nftables: insert at the head of the existing inet/filter/input chain
nft insert rule inet filter input ip saddr 37.27.234.213 drop
# nginx (http, server or location context)
deny 37.27.234.213;
# pfSense: add to a blocking alias, then reference the alias from a block rule
37.27.234.213/32
# Cloudflare WAF (firewall-rule JSON body)
{"description":"Block 37.27.234.213 - IPDebrief risk score 80","action":"block","filter":{"expression":"ip.src eq 37.27.234.213"}}
# AWS WAF: IP set entry to reference from a block rule
{"Addresses":["37.27.234.213/32"],"Description":"IPDebrief risk 80"}
```
## Intelligence Confidence
The IP presents elevated risk due to:
- High risk score (80/100)
- Geolocation inconsistency (Helsinki vs Tehran)
- Multiple DNSBL listings (4 of 8)
- Control plane instability
- Recent threat signal activity
Recommendation: Block the /32 now and keep monitoring related IPs in the same subnet, but do not extend the block to the /24: the neighborhood is classified Mostly Clean with low abuse density, and a broad block would hit unrelated Hetzner customers. The combination of hosting infrastructure, exposed SSH, and geolocation anomalies suggests possible misuse of legitimate cloud hosting services (a compromised or abusive tenant) rather than dedicated attacker infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | Not reported |
| CIDR Block | Not reported |
| RIR | RIPE |
| Country | Not reported |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | static.213.234.27.37.clients.your-server.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | static.213.234.27.37.clients.your-server.de |
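The FCrDNS check behind the "Forward Confirmed" row, as an added example that is not part of the briefing or of any vendor tool: it resolves the PTR for an address, then resolves each returned name forward and confirms the original address is among the answers. The resolver is injected so the constructed DNS answers below run offline; the `_FAKE_ZONE` data, `fake_resolver`, and the 192.0.2.x failing host are assumptions for the example, and for a live check you would pass a function wrapping `dns.resolver` or `socket` lookups.

```python
"""Added example (not part of the briefing): forward-confirmed reverse DNS.

The resolver is injected so the constructed answers below run offline; for a
live check pass a function that wraps dns.resolver or socket lookups.
"""
import ipaddress
from typing import Callable

# Resolver hook: (query name, record type) -> list of answer strings.
Resolver = Callable[[str, str], list[str]]


def reverse_name(ip: str) -> str:
    """in-addr.arpa (or ip6.arpa) name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip: str, resolve: Resolver) -> dict:
    """Return the PTR names for ip and which of them forward-resolve back to it.

    FCrDNS holds when at least one PTR name's A/AAAA answers include ip. A PTR
    alone proves nothing: whoever controls the reverse zone can publish any
    name, but only the forward zone's owner can make that name resolve back.
    """
    addr = ipaddress.ip_address(ip)
    rrtype = "AAAA" if addr.version == 6 else "A"
    ptrs = [p.rstrip(".").lower() for p in resolve(reverse_name(ip), "PTR")]
    confirmed = []
    for name in ptrs:
        forward = set()
        for answer in resolve(name, rrtype):
            try:
                forward.add(ipaddress.ip_address(answer))
            except ValueError:
                continue  # ignore malformed answers instead of failing the check
        if addr in forward:
            confirmed.append(name)
    return {"ip": ip, "ptr": ptrs, "confirmed": confirmed, "fcrdns": bool(confirmed)}


# Constructed answers (not live lookups). The first pair reproduces the PTR the
# briefing reports; the second is a hypothetical host whose PTR claims a name
# that resolves elsewhere, so FCrDNS must fail for it.
_FAKE_ZONE = {
    ("213.234.27.37.in-addr.arpa", "PTR"): ["static.213.234.27.37.clients.your-server.de."],
    ("static.213.234.27.37.clients.your-server.de", "A"): ["37.27.234.213"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.test."],
    ("mail.example.test", "A"): ["192.0.2.1"],
}


def fake_resolver(qname: str, rrtype: str) -> list[str]:
    """Offline stand-in for a DNS resolver; unknown names return no answers."""
    return list(_FAKE_ZONE.get((qname.lower(), rrtype), []))


if __name__ == "__main__":
    print(fcrdns("37.27.234.213", fake_resolver))  # fcrdns: True
    print(fcrdns("192.0.2.10", fake_resolver))     # fcrdns: False
```

A hostname under your-server.de that passes this check tells you the address is a Hetzner customer allocation, which is why it carries weight against a single third-party feed placing the host in another country; it says nothing about what the tenant is doing with it.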
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | Not reported |
| 443 | https | tcp | Not reported |
| 22 | ssh | tcp | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx |
| HTTP Title | Not reported |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | Not reported |
| Valid Until | Not reported |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 10 | 16 |

| Measure | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Attribution signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

The Geo Consensus, IRR Match and RPKI Valid flags here do not agree with the Anomalous Observations section, which records a Helsinki/Tehran conflict and RPKI/IRR consistency as not assessed; treat those three signals as unverified until re-queried.
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-17 09:10:52 UTC |
| Last Seen | 2026-06-28 04:56:27 UTC |
| Profile Built | 2026-06-28 23:01:22 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |