188.165.220.78
IP Intelligence Briefing: 188.165.220.78
Date: 2026-06-15
---
**1. Risk Profile**
- Risk Score: 25 (Low Risk)
- Provider: OVH (ASN 16276)
- Ownership: Octave Klaba (RIPE RIR)
- Geolocation: France (FR), no city/latitude/longitude specified.
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or abuse reports).
---
**2. Network Configuration**
- Services:
- HTTP/HTTPS (ports 80/443) with nginx/1.26.1 server banner.
- SSH (port 22) with OpenSSH 7.4.
- Valid TLS certificate (Letβs Encrypt) for `server1.uxdonut.com.br`.
- DNS:
- PTR record: `server1.uxdonut.com.br` (forwarded, no email auth).
- No SPF/DKIM/DNSSEC misconfigurations.
- Network Role:
- Cloud compute infrastructure (OVH), no CDN/VPN/proxy detected.
- Hosting: Yes (web server).
---
**3. Observation History (Last 30 Days)**
- Activity:
- Stable network behavior; no abrupt changes in routing or services.
- DNSsec validation active; no DNSBL listings.
- HTTP service consistently active (200 OK status, HSTS enabled).
- Threat Signals:
- No malicious campaigns, spam, or attacker activity observed.
- Low-risk classification persists across all signals.
---
**4. Relationships & Neighbors**
- DNS Associations:
- Linked to `server1.uxdonut.com.br` (multiple DNS records).
- Network Neighbors:
- Subnet `188.165.220.0/24` has 0 malicious IPs (abuse density 0).
- No high-risk siblings or active threats in the subnet.
---
**5. Recommendations**
- Monitoring:
- No immediate action required.
- Monitor for unexpected DNS changes or service disruptions.
- Firewall:
- Allow standard ports (80, 443, 22) for web/SSH traffic.
- No blocking rules needed based on current risk profile.
---
Conclusion: 188.165.220.78 is a legitimate OVH-hosted web server with no signs of malicious activity. No action required; continue routine monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Octave Klaba |
| ASN | AS16276 |
| Network Name | β |
| CIDR Block | β |
| RIR | RIPE |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | server1.uxdonut.com.br |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | server1.uxdonut.com.br |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.26.1 |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
π TLS Certificate
| SANs | server1.uxdonut.com.br |
| Valid From | 2026-05-10T02:26:04+00:00 |
| Valid Until | 2026-08-08T02:26:03+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 063A14AF072B848D7A2F345C2A5AF291CDB6 |
| Thumbprint | 1C5FB5F20273215AFADD08EB4B035E39C8E2ACFD |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 00:19:08 UTC |
| Last Seen | 2026-06-28 20:12:32 UTC |
| Profile Built | 2026-06-29 08:17:49 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.