# IP Intelligence Briefing: 46.224.175.215/32
## Executive Summary
IP address 46.224.175.215 was identified as a moderate-risk (score: 40) cloud computing endpoint operated by Hetzner Online GmbH in Falkenstein, Germany. The IP resolves to your-server.de and hosts web services on ports 80/443 with SSH access on port 22. Network analysis indicates a low-abuse-density subnet (46.224.175.0/24) with minimal correlated threat activity.
## Technical Profile
| Attribute | Value |
|---|---|
| **ASN** | 24940 (Hetzner Online GmbH) |
| **Location** | Falkenstein, Saxony, Germany (51.17°N, 10.45°E) |
| **Infrastructure Type** | CloudCompute/Hosting |
| **Network Classification** | Cloud hosting environment |
| **DNS Resolution** | static.215.175.224.46.clients.your-server.de |
| **SSL Certificate** | TRAEFIK DEFAULT CERT (self-signed) |
| **Open Ports** | 22/SSH, 80/HTTP, 443/HTTPS |
| **HTTP Status** | 404 (Not Found) |
## Threat Indicators
- Risk Score: 40 (Moderate Risk)
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 2 of 8 total lists
The IP does not match any known attack campaigns or threat feeds. However, the moderate risk score warrants monitoring due to the hosting infrastructure classification.
## Neighborhood Analysis
Subnet 46.224.175.0/24 exhibits low abuse density (score: 0) with classification "mostly_clean." One neighbor IP (46.224.175.79) showed moderate risk (score: 25). The subnet's inherited risk score is 5, indicating limited correlation with known malicious activity at the network level.
## Historical Observations
25 observations were captured over the analysis period. Recent signals confirm consistent cloud infrastructure classification with Hetzner provider attribution. HTTP fingerprinting revealed HTTP/2.0 support with 358 ms TTFB and missing security headers (CSP, HSTS, X-Frame-Options). Email authentication (SPF/DMARC) status was not validated for the associated domain.
## Recommended Security Actions
Based on the risk profile, the following defensive measures are recommended:
Immediate Blocking Rules:
```bash
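# iptables (run as root)
iptables -A INPUT -s 46.224.175.215 -j DROP
# nftables (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 46.224.175.215 drop
# nginx (directive for an http, server or location block; not a shell command)
deny 46.224.175.215;
# pfSense (source address for an alias or firewall rule)
46.224.175.215/32
# Cloudflare WAF (rule description)
Block 46.224.175.215 - IPDebrief risk score 40
# AWS WAF (IP set entry)
Addresses: 46.224.175.215/32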
```
Analysis Notes:
- SSH access (port 22) from a hosting provider IP may indicate potential lateral movement attempts
- Open HTTP/HTTPS ports align with expected web hosting services
- No evidence of active exploitation campaigns or known bad actor attribution
- Recommendation to monitor for changes in risk classification over the next 7-14 days
## Conclusion
The IP represents a moderate-risk cloud endpoint with no definitive malicious indicators. Blocking is recommended as a precautionary measure consistent with Hetzner's hosting infrastructure profile. Continued monitoring advised to track any changes in reputation or threat indicators.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | static.215.175.224.46.clients.your-server.de |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | static.215.175.224.46.clients.your-server.de |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_10.2p1 Ubuntu-2ubuntu3.2 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | 4723ef24767d6bc50568372d48b5fd9d.b2352daba7554d5cf43af62b0df2ab58.traefik.default |
| Valid From | 2026-06-06T07:47:20+00:00 |
| Valid Until | 2027-06-06T07:47:20+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 6CA0898507D12E48D21D5E5C573532E2 |
| Thumbprint | E17368655755A85A774416239964E1E035222080 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-18 15:27:01 UTC |
| Last Seen | 2026-06-28 07:39:16 UTC |
| Profile Built | 2026-06-29 07:47:25 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 28 |