# IP INTELLIGENCE BRIEFING
Target: 78.46.191.135/32
Date: Current Assessment
Risk Level: Moderate (Score: 50/100)
---
## Executive Summary
IP address 78.46.191.135 is associated with Hetzner Online GmbH (ASN 24940), a cloud hosting provider located in Nuremberg, Germany. The address exhibits moderate risk characteristics with historical DNS blacklist activity and operational associations with a compromised subnet. No active open services are detected, and the IP is currently classified as a cloud compute resource with hosting infrastructure designation.
---
## Technical Profile
Ownership & Registration:
- ASN: 24940 (Hetzner Online GmbH)
- Organization: Hetzner Online GmbH - Contact Role
- RIR: RIPE
- CIDR Block: 78.46.0.0/15
Geolocation:
- Country: Germany (DE)
- Region: Bavaria
- City: Nuremberg
- Coordinates: 51.17°N, 10.45°E
- Accuracy: 400 km radius
Network Classification:
- Infrastructure Type: Cloud Compute
- Is Hosting: Yes
- Is CDN/VPN/Proxy: No
- Open Ports: None detected (Firewalled / No Services)
DNS Resolution:
- PTR Hostname: static.135.191.46.78.clients.your-server.de
- Domain: your-server.de
- Forward Resolution: Confirmed
- Email Auth: SPF and DMARC configured
---
## Threat Assessment
Current Threat Indicators:
- No active threat feeds or known campaigns
- No known attacker attribution
- No Tor exit node activity
- Abuse Confidence Score: Not calculated
Historical Threat Activity:
- 18 observations recorded over monitoring period
- DNSBL listings detected: 8 total lists
- Maximum severity: High (observed 2026-06-20)
- Listed count: 1 active listing at peak observation
- Operator Score: 0.3478 (Basic)
Control Plane Data:
- Route Stability: False
- Route Changes (30d): 0
- DNSSEC: Valid
- RPKI State: Not evaluated
---
## Neighborhood Analysis
Subnet: 78.46.191.135/24
- Abuse Density: 1
- Classification: Mostly Clean
- Inherited Risk: 2
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
The /24 subnet shows minimal abuse activity but contains one threat-associated sibling IP.
---
## Related Entities
DNS Associations:
- static.135.191.46.78.clients.your-server.de (repeated associations)
Network Associations:
- CLOUD-NBG1 (same network)
Total Relationships: 43 detected associations
---
## Recommended Actions
Based on risk profile and historical activity, the following mitigations are recommended:
Firewall Blocking:
- iptables: `iptables -A INPUT -s 78.46.191.135 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 78.46.191.135 drop`
- pfSense: `78.46.191.135/32`
WAF Integration:
- Cloudflare WAF: Block IP with expression `ip.src eq 78.46.191.135`
- AWS WAF: Address `78.46.191.135/32`
Monitoring:
- Continue monitoring for service changes
- Track DNSBL listing updates
- Correlate with subnet 78.46.191.0/24 activity
---
Analysis Notes: While no active services are currently accessible, the historical DNS blacklist activity and hosting infrastructure designation warrant continued monitoring. The IP may serve as a backend or staging address for hosted services. Recommended action is conservative blocking pending further correlation with threat intelligence feeds.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Hetzner Online GmbH - Contact Role |
| ASN | AS24940 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | static.135.191.46.78.clients.your-server.de |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | static.135.191.46.78.clients.your-server.de |
## DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
| Domains Checked | 2 domains |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8443 | https-alt | tcp | - |

| Closed Ports | 25, 3389, 8080 (4 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5 |
## TLS Certificate
CN=cloudpanel.clp was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| SANs | cloudpanel.clp, www.cloudpanel.clp |
| Valid From | 2019-10-14T13:34:38+00:00 |
| Valid Until | 2020-10-13T13:34:38+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 00 |
| Thumbprint | 3BECE07FF14C8422E15E2D725E47F72289009311 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-21 08:56:13 UTC |
| Last Seen | 2026-06-28 13:20:02 UTC |
| Profile Built | 2026-06-29 07:25:15 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |