IP Intelligence Briefing: 178.32.138.28
Date: 2026-06-06
1. Reputation & Risk Profile
- Risk Score: 25 (Low Risk)
- Provider: OVH Srl (ASN 16276)
- Geolocation: Italy (IT), registered to IT-OVH network.
- Threat Indicators: No malicious activity detected (no indicators, blacklists, or campaigns).
2. Network & Service Analysis
- Network Role: Cloud compute infrastructure (OVH hosting).
- Open Ports:
  - Port 80 (HTTP) with server banner "Microsoft-IIS/7.5" (outdated).
  - Port 3389 (RDP), potentially exposing remote access.
- DNS: Resolves to `ip28.ip-178-32-138.eu` with DMARC record but no SPF.
3. Observation History
- Activity Trends: Minimal observed signals (21 total).
- Recent Data:
  - HTTP scan detected IIS 7.5 (404 response, no active services).
  - BGP stability flagged as "unstable" (route changes in 30 days).
  - DNSSEC valid, but no CAA records.
4. Relationship & Neighborhood
- Subnet: 178.32.138.28/24.
- Neighbor Risk:
  - One high-risk neighbor (178.32.138.54, score 40).
  - Subnet abuse density: 0% (mostly clean).
- Connections: Linked to IT-OVH network and DNS hostname `ip28.ip-178-32-138.eu`.
5. Recommendations
- Monitor Neighbor: Investigate 178.32.138.54 for potential lateral movement or shared infrastructure.
- Secure Services:
  - Patch outdated IIS 7.5 (port 80).
  - Restrict RDP (port 3389) to trusted sources.
- Network Segmentation: Isolate cloud-hosted assets to limit exposure.
- DNS Validation: Confirm legitimacy of `ip28.ip-178-32-138.eu` to prevent domain spoofing.
Conclusion:
The IP is low-risk but resides in a subnet with a high-risk neighbor. The cloud-hosted environment and outdated services warrant closer monitoring. Focus on mitigating RDP access and verifying DNS associations.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | OVH Srl |
| ASN | AS16276 |
| Network Name | IT-OVH |
| CIDR Block | 178.32.136.0/21 |
| RIR | RIPE |
| Country | IT |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ip28.ip-178-32-138.eu |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ip28.ip-178-32-138.eu |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 3389 | rdp | tcp | - |

| Closed Ports | 22, 25, 443, 8080, 8443 (2 open / 7 scanned) |
| Server | Microsoft-IIS/7.5 |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-30 00:19:43 UTC |
| Last Seen | 2026-06-29 06:58:03 UTC |
| Profile Built | 2026-06-29 07:03:18 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 26 |