IP Intelligence Briefing: 178.218.144.64
Date: 2026-06-16
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Provider: LOWHOSTING-MNT (RIPE)
- Geolocation: Italy (Rovigo), Latitude/Longitude: N/A, Timezone: Europe/Rome
- Network Role: Hosting (Colocation)
- Services:
- Open ports: SSH (22/TCP), HTTPS-alt (8443/TCP)
- TLS Certificate: Issued to `www.lbvc4e6x3uemnx.com`, SANs unspecified
- No HTTP server banner detected
---
**2. Threat Indicators**
- Tor Exit Node: Confirmed (observed via Tor exit indicators)
- Abuse Flags:
- 1 DNSBL listing (potential spam or malicious activity)
- No known attacker campaigns or spam sources
- Subnet Abuse Density: 40% (medium risk within 178.218.144.0/24)
---
**3. Observation History**
- Recent Activity (Last 26 Observations):
- Tor exit node activity detected (1 observation)
- Minimal risk score (0.13) from 2349 signal type
- TLS certificate and SSH banner scans (no critical vulnerabilities)
- ICMP validation failed (potential firewall blocking)
---
**4. Network Relationships**
- Linked Entities:
- Same network: `IT-LowHosting-Services` (repeated 35+ times)
- Subnet: 178.218.144.0/24 (4 neighbors analyzed)
- DNS: `178.218.144.64.lowhosting.org` (PTR record confirmed)
---
**5. Neighborhood Analysis**
- Subnet (178.218.144.0/24):
- Total IPs: 256
- Active Neighbors: 2 (high/medium risk)
- Risk Distribution:
- 4 medium-risk neighbors (scores: 40โ59)
- 1 high-risk neighbor (score: 59)
- Abuse Density: 40% (mostly clean, but elevated risk)
---
**6. Recommended Actions**
- Block Tor Exit Traffic:
- Implement firewall rules to restrict traffic from 178.218.144.64 to Tor networks.
- Monitor SSH Access:
- Audit SSH logs for unauthorized access attempts on port 22.
- Investigate Subnet Activity:
- Focus on neighbors with medium/high risk (e.g., 178.218.144.99).
- Verify TLS Certificates:
- Check validity of certificates for `www.lbvc4e6x3uemnx.com` and SANs.
---
Conclusion: This IP is associated with a hosting provider in Italy and exhibits Tor exit node activity. While not directly malicious, its subnet contains medium-risk neighbors, and the high-risk score warrants closer monitoring. SOC teams should prioritize isolating Tor-related traffic and validating TLS/SSH configurations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | LOWHOSTING-MNT |
| ASN | AS212508 |
| Network Name | โ |
| CIDR Block | 178.218.144.0/24 |
| RIR | RIPE |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | 178.218.144.64.lowhosting.org |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 178.218.144.64.lowhosting.org |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| 8443 | https-alt | tcp | โ |
| Closed Ports | 25, 80, 443, 3389, 8080 (2 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3 |
๐ TLS Certificate
| SANs | None |
| Valid From | 2026-05-11T00:00:00+00:00 |
| Valid Until | 2026-08-22T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 103 days |
| Serial Number | 11AA02965F819E63 |
| Thumbprint | 12DA430ADDAF1F1D5D2B293B5E21650F0BF13726 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 21% | 2 | 2 |
| ownership | 39% | 3 | 7 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 29% | 12 | 22 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 13:35:40 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:21:11 UTC |
| Data Freshness | Live |
| Signal Types | 29 |
| Total Observations | 61 |
Full dossier details are available via our API.