49.13.16.233 — Hetzner Online GmbH, DE — Very High (81%)

Check an IP Address, Domain Name, Subnet, or ASN

49.13.16.233 was found in our database!

Confidence Level

81%

Very High?

Geolocation

🇩🇪

GermanyFalkenstein

ISPHetzner Online GmbH

ASNAS24940

Activity Timeline

First seenMar 5, 2026, 12:09 PM

Last seen13m ago

28Sessions

28Events

Protocol Breakdown

SIP

28 / 28

49.13.16.233 has a very high threat confidence level of 81%, originating from Falkenstein, Germany, on the Hetzner Online GmbH network (24940). It has been observed across 28 sessions targeting SIP, First observed on March 5, 2026, most recently active March 5, 2026.

Behaviors

Classified behavioral patterns observed

Sip Options Capability Probe Structured

low28x

Automated SIP OPTIONS requests used to validate reachable VoIP endpoints and enumerate service capabilities without initiating a call session. The client sends standalone OPTIONS probes with high-entropy or unusually long Call-ID values, a pattern commonly associated with scripted scanning frameworks or VoIP reconnaissance tooling. Such activity is typically observed during infrastructure discovery phases where attackers identify responsive SIP servers, supported methods, and potential targets for toll fraud, brute-force registration attempts, or later exploitation campaigns.

Primitives

Individual actions observed

Sip Call Id Long Numeric28 Sip Call Id Alphanumeric Entropy28

Related Threats

Explore related threat intelligence

🇩🇪More threats fromGermany ASMore threats fromHetzner Online GmbH SIPMore threats targetingSIP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
49.13.16.14	89%	154
46.224.19.85	84%	9
77.42.47.53	58%	17
91.99.223.227	48%	2
91.98.112.31	48%	2

IP Address	Confidence	Events
87.106.147.36	100%	50,264
45.84.196.162	100%	3,929
89.163.204.62	89%	71,145
157.230.22.104	91%	32
206.189.49.226	66%	13