178.218.144.64

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 178.218.144.64

Date: 2026-06-16

---

1. Core Profile

Risk Score: 70 (High Risk)
Provider: LOWHOSTING-MNT (RIPE)
Geolocation: Italy (Rovigo), Latitude/Longitude: N/A, Timezone: Europe/Rome
Network Role: Hosting (Colocation)
Services:

- Open ports: SSH (22/TCP), HTTPS-alt (8443/TCP)

- TLS Certificate: Issued to `www.lbvc4e6x3uemnx.com`, SANs unspecified

- No HTTP server banner detected

---

2. Threat Indicators

Tor Exit Node: Confirmed (observed via Tor exit indicators)
Abuse Flags:

- 1 DNSBL listing (potential spam or malicious activity)

- No known attacker campaigns or spam sources

Subnet Abuse Density: 40% (medium risk within 178.218.144.0/24)

---

3. Observation History

Recent Activity (Last 26 Observations):

- Tor exit node activity detected (1 observation)

- Minimal risk score (0.13) from 2349 signal type

- TLS certificate and SSH banner scans (no critical vulnerabilities)

- ICMP validation failed (potential firewall blocking)

---

4. Network Relationships

Linked Entities:

- Same network: `IT-LowHosting-Services` (repeated 35+ times)

- Subnet: 178.218.144.0/24 (4 neighbors analyzed)

- DNS: `178.218.144.64.lowhosting.org` (PTR record confirmed)

---

5. Neighborhood Analysis

Subnet (178.218.144.0/24):

- Total IPs: 256

- Active Neighbors: 2 (high/medium risk)

- Risk Distribution:

- 4 medium-risk neighbors (scores: 40–59)

- 1 high-risk neighbor (score: 59)

- Abuse Density: 40% (mostly clean, but elevated risk)

---

6. Recommended Actions

Block Tor Exit Traffic:

- Implement firewall rules to restrict traffic from 178.218.144.64 to Tor networks.

Monitor SSH Access:

- Audit SSH logs for unauthorized access attempts on port 22.

Investigate Subnet Activity:

- Focus on neighbors with medium/high risk (e.g., 178.218.144.99).

Verify TLS Certificates:

- Check validity of certificates for `www.lbvc4e6x3uemnx.com` and SANs.

---

Conclusion: This IP is associated with a hosting provider in Italy and exhibits Tor exit node activity. While not directly malicious, its subnet contains medium-risk neighbors, and the high-risk score warrants closer monitoring. SOC teams should prioritize isolating Tor-related traffic and validating TLS/SSH configurations.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇹 Italy
Region	34
City	Rovigo
Timezone	Europe/Rome
Latitude	45.47
Longitude	9.19

🏢 Ownership & Registration

Organization	LOWHOSTING-MNT
ASN	AS212508
Network Name	—
CIDR Block	178.218.144.0/24
RIR	RIPE
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	178.218.144.64.lowhosting.org
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`178.218.144.64.lowhosting.org`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Multi-Service Host
Network Tier	Tier 3 — Basic operator with some routing infrastructure

Hosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
8443	https-alt	tcp	—
Closed Ports	25, 80, 443, 3389, 8080 (2 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3

🔐 TLS Certificate

🔒

CN=www.oxatxocs.net

Issued by CN=www.m23xirz3rk6xekei.com

Self-signed: No

SANs	None
Valid From	2026-05-11T00:00:00+00:00
Valid Until	2026-08-22T00:00:00+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	103 days
Serial Number	11AA02965F819E63
Thumbprint	12DA430ADDAF1F1D5D2B293B5E21650F0BF13726

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	30%	2	4
routing	27%	2	3
services	21%	2	2
ownership	39%	3	7
reputation	26%	1	3
geolocation	32%	2	3
Overall	29%	12	22

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 13:35:40 UTC
Last Seen	2026-06-26 21:06:52 UTC
Profile Built	2026-06-27 16:21:11 UTC
Data Freshness	Live
Signal Types	29
Total Observations	61

🔍 29 signal types · 61 observations collected

This report is generated from 29+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

178.218.144.64📋 Copy

**1. Core Profile**

**2. Threat Indicators**

**3. Observation History**

**4. Network Relationships**

**5. Neighborhood Analysis**

**6. Recommended Actions**