# IP Intelligence Briefing: 51.38.123.130
Date: 2026-06-27
Classification: Moderate Risk (Score: 40/100)
Analyst: IPDebrief Intelligence
---
## Executive Summary
IP 51.38.123.130 is a cloud hosting endpoint operated by OVH Hosting Limited (AS16276) from Ireland. The asset exhibits a moderate risk profile with no active threat indicators. The IP terminates HTTP and RDP services and maintains a consistent cloud infrastructure classification over the observation period.
---
## Technical Profile
| Attribute | Value |
|---|---|
| **IP Address** | 51.38.123.130/32 |
| **Provider** | OVH Hosting Limited (AS16276) |
| **Location** | Ireland (IE), Dublin timezone |
| **Network Role** | Cloud Compute / Hosting Provider |
| **Infrastructure Type** | Cloud |
| **Reverse DNS** | ip130.ip-51-38-123.eu |
| **Status Code** | HTTP 404 |
---
## Network Services
| Port | Protocol | Service | Banner |
|---|---|---|---|
| 80 | TCP | HTTP | - |
| 3389 | TCP | RDP | - |

Server Signature: Microsoft-IIS/7.5

Security Headers:
- HSTS: Not present
- CSP: Not present
- Referrer Policy: Not present
---
## Threat Assessment
Current Status:
- Risk Score: 40/100 (Moderate)
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Association: None identified
DNSBL Exposure: 2 of 8 lists
Abuse Confidence: Not scored
---
## Historical Observations (26 signals)
Timeline: Observations span from 2026-06-19 to 2026-06-27
Key Signals:
- Infrastructure: Consistent cloud hosting classification (OVH)
- AS Path: 1403 → 16276 (stable BGP routing)
- Server Fingerprint: Microsoft-IIS/7.5 (consistent)
- Network: 51.38.0.0/16 prefix (stable)
- Subnet Classification: Mostly clean with inherited risk of 2
No significant changes in infrastructure type, provider, or geolocation over the observation window.
---
## Relationship Analysis
Total Relationships: 56
Primary Associations:
- DNS: ip130.ip-51-38-123.eu
- Network: OVH-DEDICATED-FO
- ASN: 16276 (OVH)
No evidence of lateral movement or associated malicious infrastructure.
---
## Neighborhood Analysis (Subnet: 51.38.123.130/24)
| Metric | Value |
|---|---|
| **Subnet Classification** | Mostly Clean |
| **Abuse Density** | 1 (Low) |
| **Total Siblings** | 1 |
| **Active Siblings** | 1 |
| **Threat Siblings** | 1 |
Inherited Risk: 2/10
Assessment: Subnet exhibits low abuse activity. Single threat sibling observed within the /24.
---
## Control Plane Data
| Parameter | Value |
|---|---|
| **Origin ASN** | 16276 |
| **BGP Prefix** | 51.38.0.0/16 |
| **RPKI State** | Not evaluated |
| **Route Stability** | Stable (0 changes in 30d) |
| **MoAS** | No |
| **Delegation Age** | 9,250 days |
| **DNSSEC** | Valid |
---
## SOC Recommendations
Priority: Monitor
Suggested Actions:
1. RDP Exposure: IP terminates RDP (3389). Implement rate limiting or geo-blocking for RDP access to prevent brute force attempts.
2. HTTP 404 Response: Endpoint returns 404 for HTTP requests. Verify intended service availability or implement proper HTTP handling.
3. DNSBL Monitoring: IP listed on 2 DNSBLs. Investigate listing sources for potential false positives or legitimate abuse history.
4. Subnet Context: Monitor 51.38.123.130/24 for correlated activity. Single threat sibling warrants observation but does not indicate coordinated campaign.
5. No Immediate Blocking: Moderate risk score with no active threat indicators. Continue baseline monitoring; no firewall blocking recommended at this time.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | OVH Hosting Limited |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | 51.38.0.0/16 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | ip130.ip-51-38-123.eu |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ip130.ip-51-38-123.eu |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 3389 | rdp | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 443, 8080, 8443 (2 open / 7 scanned) |
| Server | Microsoft-IIS/7.5 |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 35% | 3 | 6 |
| reputation | 24% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 29% | 12 | 22 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Attribute | Value |
|---|---|
| First Seen | 2026-05-12 21:55:36 UTC |
| Last Seen | 2026-06-27 22:13:02 UTC |
| Profile Built | 2026-06-28 16:17:47 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 30 |