# IP Intelligence Briefing: 46.225.233.87/32
Classification: Moderate Risk (Score: 40)
Reporting Date: Current analysis based on available signal data
## 1. Ownership and Infrastructure
The IP address 46.225.233.87 is allocated to Hetzner Online GmbH (ASN 24940), a German cloud hosting provider. The address resides within the 46.224.0.0/15 BGP prefix, originating through AS6939 and AS24940. The network is classified as a cloud compute infrastructure host with a single-service purpose.
Geolocation Discrepancy: Primary geolocation data indicates Nuremberg, Bavaria, Germany. However, historical signal observations from 2026-06-15 recorded an alternative geolocation attribution to Iran (IR) via alienvault-otx with a reputation score of 0 and 13 associated threat pulses.
DNS Resolution: The IP resolves to `static.87.233.225.46.clients.your-server.de` under the domain `your-server.de`. Forward DNS resolution is confirmed.
## 2. Network Services
Active service enumeration reveals SSH on port 22/TCP with banner: `SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16`. No HTTP services or TLS certificates are currently observed. The infrastructure hosts single-service configurations typical of cloud compute environments.
## 3. Threat Indicators
- Risk Score: 40/100 (Moderate Risk)
- DNSBL Listings: Listed on 2 of 8 total DNS blacklists
- Threat Signals: One threat observation recorded on 2026-06-15
- Tor/Proxy/VPN: Not classified as Tor exit node, proxy, or VPN
- Known Campaigns: No active campaign associations identified
- ISP Reputation: Operator score 0.4783 (Basic classification)
## 4. Observation History
Signal observation history contains 24 recorded events. Notable temporal patterns include:
- 2026-06-15T07:15:39: IR geolocation attribution with 13 threat pulse associations
- 2026-06-15T07:18:26: Subnet classification recorded as "mostly_clean" with abuse density 1
- 2026-06-15T07:17:08: Operator score calculation showing basic classification (0.55 raw score)
The IP is not flagged as persistently malicious. Threat observation count is 1 with 0 days of threat persistence.
## 5. Neighborhood Analysis
The /24 subnet (46.225.233.0/24) shows mixed neighborhood data:
- Profile neighborhood data indicates 1 total sibling, 1 active sibling, and 1 threat sibling
- Abuse density classified as "mostly_clean" with inherited risk score of 2
- Network classification: `CLOUD-NBG1` (Hetzner datacenter network)
## 6. Related Entities
Multiple relationship entities link to the following:
- Hostname: `static.87.233.225.46.clients.your-server.de` (repeated DNS association)
- Network: `CLOUD-NBG1` (multiple same-network relationships)
## 7. Recommended Security Actions
Based on risk assessment, the following firewall rules are recommended:
iptables:
```
# -A appends to the end of INPUT; an earlier matching ACCEPT rule takes precedence
iptables -A INPUT -s 46.225.233.87 -j DROP
```
nftables:
```
# Assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 46.225.233.87 drop
```
Cloudflare WAF:
```json
{
"description": "Block 46.225.233.87 - IPDebrief risk score 40",
"action": "block",
"filter": {
"expression": "ip.src eq 46.225.233.87"
}
}
```
AWS WAF:
```json
{
"Addresses": ["46.225.233.87/32"],
"Description": "IPDebrief risk 40"
}
```
## 8. Analyst Assessment
This IP address presents a moderate risk profile with conflicting geolocation signals. The primary Hetzner infrastructure attribution suggests legitimate cloud hosting, but historical IR geolocation signals and DNSBL listings indicate potential abuse or misconfiguration. The SSH service is standard for cloud infrastructure.
Key Indicators for Further Investigation:
1. Correlate the IR geolocation signal with actual traffic patterns
2. Review DNSBL listing reasons and associated reputation feeds
3. Monitor for connection attempts from this subnet to internal resources
4. Assess whether the single threat observation correlates with observed network activity
Risk Rating: MODERATE. Block recommended pending correlation with internal threat intelligence.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | - |
| CIDR Block | 46.224.0.0/15 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | static.87.233.225.46.clients.your-server.de |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | static.87.233.225.46.clients.your-server.de |
DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 21% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 12 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 15:39:12 UTC |
| Last Seen | 2026-06-28 09:22:01 UTC |
| Profile Built | 2026-06-29 03:27:32 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 29 |