24fire GmbH

24fire GmbH is a small German prepaid hosting provider operating AS216063 from two data centres. Its customers face service risk from prepaid credit expiry and single upstream dependence. Public evidence confirms corporate identity and network footprint but not financial health or operational control. Watchpoints include routing changes, director alterations, and status incidents. The profile is limited to evidence-led claims with significant uncertainty about equipment ownership and management authority.

24fire GmbH

24fire GmbH is a German prepaid hosting provider operating AS216063 from facilities in Frankfurt and Eygelshoven. The company sells KVM virtual servers, domains, and webhosting via a self-service control panel and API. All services are prepaid; expired credit triggers automatic server shutdown. Its network relies on a single upstream provider, creating a concentrated failure risk for the claimed 5,000+ customers. Financial health and equipment ownership are not independently verified.

Why It Matters

If the control panel, FireAPI, payment providers, or DDoS filtering fail, customers may lose access to their virtual machines or be unable to renew. The dependency on a single upstream (AS49581) and two physical locations means that incidents at NTT Frankfurt or SkyLink Eygelshoven could degrade all services. Moreover, the prepaid model means that even a temporary payment issue can cause auto-shutdown after a grace period, leaving customers without recourse.

What Public Sources Show

24fire GmbH is a German prepaid hosting provider that sells KVM virtual servers, domain registration, and webhosting from data centres in Frankfurt and Eygelshoven. The company says it serves over 5,000 customers and operates 64 TB of system RAM, figures that have not been independently audited. Because all services are prepaid, expiring account credit triggers an automatic server shutdown after a short grace period.

A failed payment or control-panel outage can therefore abruptly terminate customer workloads.

Public information about the company comes from its own imprint, product pages, API documentation, and a legacy status page. Independent corroboration is available from the German commercial register mirror openregister.de, and network datasets such as PeeringDB, bgp.tools, and IPinfo. However, the RIPE NCC membership could not be confirmed from the provided source link, and all operational metrics—including the customer count and RAM total—are company-reported without external audit.

The technical footprint is therefore known only as far as the company chooses to disclose it.

Customers manage their services through a web-based control panel or a programmable API called FireAPI. The lifecycle of every virtual machine—provisioning, start, stop, backup, monitoring—is governed by these interfaces. A prepaid account balance must be maintained; if credit runs out before renewal, the system notifies the customer and then stops the server, keeping the data available for a few days for reactivation.

Payment providers and the webshop are integral to this flow, and their failure can lock customers out.

The network runs under AS216063, with six IPv4 and three IPv6 prefixes. A single upstream provider, AS49581 (Tube-Hosting), carries all traffic, and the company also peers at ERA-IX Frankfurt. This design means that any problem with Tube-Hosting or the Frankfurt exchange can isolate the entire customer base. BGP monitoring shows the routes are currently valid under RPKI, but any upstream change would instantly alter global reachability.

Physical servers sit in two data centres: NTT Frankfurt 1 hosts AMD EPYC and Ryzen clusters using Ceph-based distributed storage, while SkyLink Eygelshoven runs Intel Xeon machines. DDoS defence combines an in-house flowShield appliance at NTT with an Aurologic protection layer at SkyLink, covering both network-layer and HTTP-based attacks. Both locations are critical; a facility outage at either one would degrade all services.

Watchpoints are concrete. Any change to AS216063’s upstream or prefix announcements should be tracked via bgp.tools. The status page at status.24fire.de—or its legacy Atlassian page—provides incident history for the control panel, API, payment providers, and host systems. A modification to the managing directors listed on the imprint would signal a governance shift.

Fresh registry lookups for RIPE membership and PeeringDB facility updates are necessary because operator-maintained fields can become stale quickly.

Significant uncertainty surrounds the business substance. The company’s 5,000-customer claim and 64 TB RAM figure lack independent audit. No public financial data confirms revenue, profitability, or ability to sustain the prepaid model. Ownership of server hardware, cross-connects, and DDoS appliances is not established. The exact division of technical authority between the two named managing directors remains unknown, and RIPE NCC membership details need a verified source to confirm LIR status.

Operating Surface

24fire GmbH serves as a prepaid hosting provider and autonomous system operator in the German internet-infrastructure market. It manages the full lifecycle of customer KVM servers, domains, and web services through its in-house control panel and FireAPI. The company maintains its own network, AS216063, with announced IPv4 and IPv6 prefixes, and peers at ERA-IX Frankfurt.

Its two data centres host AMD EPYC, Ryzen, and Intel Xeon clusters with Ceph storage and custom DDoS protection.

The provider matters because its prepaid credit model and single upstream dependency introduce a sharp failure mode: any disruption to its payment system, control panel, or transit connectivity can abruptly terminate customer services. With a company-reported base of over 5,000 customers, the platform represents a non-trivial, though unaudited, installed base. Its compact infrastructure footprint means that incidents at either of its two physical locations could cascade into widespread downtime.

Watchpoints

24fire GmbH represents a compact, single-upstream hosting provider whose prepaid model concentrates operational risk. While the company claims a non-trivial customer base, the lack of independent financials and unaudited scale metrics prevents confident assessment of its resilience. The intelligence value lies in monitoring the fragility of its platform for signs of stress that could cascade to customers lacking alternative infrastructure.

Track AS216063 BGP updates and upstream changes via bgp.tools; monitor the official status page for component incidents; watch for alterations to the managing directors in the imprint or OpenRegister; note any changes in PeeringDB facility or policy fields; verify RIPE NCC membership with a correct source.

No audited revenue or customer count exists; the provided RIPE NCC member-directory URL was incorrect, leaving LIR status unconfirmed. Ownership of physical equipment and DDoS appliances is unknown. Shareholding structure and operational division between the two directors are not public. Direct registry lookups (RIPE Database, RDAP) and German commercial register updates could fill some gaps.

Sources

• 24fire.de - Identifies 24fire GmbH, address in Schwetzingen, managing directors Daniel Kuehn and Lars Kiefer, VAT ID DE362002832, Amtsgericht Mannheim HRB 747763, and public legal/regulatory contact routes.
• 24fire.de - Describes 24fire as a prepaid hosting provider with KVM servers, domains, webhosting, storage, support, control-panel, API and company-reported scale metrics including 5,000+ customers.
• openregister.de - Lists the company as active under Amtsgericht Mannheim HRB 747763, founded 4 July 2023, with EUR 25,000 capital, Schwetzingen address and managers Daniel Gabriel Bernhard Kuehn and Lars Kiefer.
• 24fire.de - Shows 24fire's product catalogue including AMD EPYC KVM servers, AMD Ryzen KVM servers, Intel Xeon KVM servers, domains and webhosting services.
• 24fire.de - Describes Frankfurt NTT FRA1 and Eygelshoven SkyLink technical footprint, including EPYC host clusters, Ceph high availability, networking and storage components.
• apidocs.24fire.de - Documents customer API operations for account services, domains, KVM status, power actions, backups and monitoring, supporting the control-panel/API control surface.
• bgp.tools - Identifies AS216063 as TWENTYFOURFIRE / 24fire GmbH, active under RIPE, with six IPv4 and three IPv6 prefixes, AS49581 Tube-Hosting upstream visibility and ERA-IX Frankfurt peering visibility.
• PeeringDB network profile - Lists network 42161 as 24fire GmbH / TWENTYFOURFIRE, ASN 216063, traffic level 5-10 Gbps, Europe scope, open peering policy, and facilities NTT Frankfurt 1 and SkyLink Data Center BV.
• ipinfo.io - Identifies AS216063 as 24fire GmbH, classifies it as hosting, lists RIPE as registry, and reports 1,536 IPv4 addresses plus IPv6 address space and hosted-domain/risk tags.
• 24fire.statuspage.io - Shows monitored public components including Webshop, Control Panel, FireAPI, payment providers, DE-Frankfurt NTT, network, DDoS protection, host systems and storage systems.
• 24fire.de - Describes 24fire's DDoS-protection approach at Frankfurt NTT FRA1, including in-house filtering, Layer 3/4 and HTTP attack handling, flowShield, traffic analysis and SSL/API handling.