INTELLIGENCE BRIEFING: 178.137.16.224
Classification: Moderate Risk | Last Updated: 2026-06-24
---
OWNERSHIP & GEOLOCATION
The IP 178.137.16.224 is owned by Kyivstar PJSC (ASN 15895), a major Ukrainian telecommunications provider. The address is geolocated to Kyiv, Ukraine (Region 30) with coordinates 49.3°N, 30.88°E. The IP resolves to PTR hostname 178-137-16-224.broadband.kyivstar.net within the kyivstar.net domain infrastructure.
RISK PROFILE
Risk Score: 65/100 (Moderate Risk). The IP is classified as firewalled with no active services detected. Network role indicates residential broadband infrastructure with no cloud, CDN, or proxy characteristics. The IP is not flagged as a Tor exit node, known attacker, or spam source.
THREAT INDICATORS
- DNSBL Listings: listed on 3 of 8 lists checked
- Control plane analysis shows operator score of 0.1304 (Minimal)
- No active threat indicators in current threat feeds
- No known campaign associations detected
NETWORK NEIGHBORHOOD ANALYSIS
The /24 subnet 178.137.16.0/24 exhibits high abuse classification with abuse density of 0.6562. Analysis of 100 neighboring IPs revealed risk distribution: 7 high-risk, 93 medium-risk, and 0 low-risk addresses. Multiple sibling IPs (178.137.16.1 through 178.137.16.224 range) share similar risk profiles with authority scores of 50.
OBSERVATION HISTORY
Historical monitoring across 22 observations shows:
- Recent activity (2026-06-24) with minimal operator score
- Earlier signals (2026-06-03) confirming high_abuse subnet classification
- Persistent blacklist presence with maximum severity "high"
- No persistent malicious behavior patterns detected
- Threat observation count: 1
RELATIONSHIP GRAPH
The IP maintains 89 relationship connections, primarily categorized as "Same Network" relationships to KYIVSTAR-NET-7. Relationships extend to associated subnets, hostnames, and organizational entities within the Kyivstar network infrastructure.
---
RECOMMENDED ACTIONS
1. Monitor - Continue surveillance due to moderate risk score and blacklist presence
2. Block if necessary - Implement firewall rules if observed in malicious contexts
3. Correlate - Cross-reference with other IPs in 178.137.16.0/24 subnet for potential abuse patterns
4. Investigate source - If traffic originates from this IP, verify legitimate business purpose given residential broadband classification
---
SUMMARY
178.137.16.224 is a residential broadband IP from Kyivstar PJSC in Kyiv, Ukraine with moderate risk characteristics. The IP is currently firewalled with no active services but maintains blacklist presence. The surrounding /24 subnet shows elevated abuse density, suggesting potential for coordinated or shared abuse infrastructure. No immediate threat indicators detected, but continued monitoring recommended given neighborhood risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Kyivstar PJSC |
| ASN | AS15895 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 178-137-16-224.broadband.kyivstar.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 178-137-16-224.broadband.kyivstar.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 19% | 1 | 3 |
| geolocation | 24% | 2 | 3 |
| Overall | 20% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:50 UTC |
| Last Seen | 2026-06-26 18:11:49 UTC |
| Profile Built | 2026-06-24 05:27:03 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |