51.38.123.130

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 51.38.123.130

Date: 2026-06-27

Classification: Moderate Risk (Score: 40/100)

Analyst: IPDebrief Intelligence

---

## Executive Summary

IP 51.38.123.130 is a cloud hosting endpoint operated by OVH Hosting Limited (AS16276) from Ireland. The asset exhibits a moderate risk profile with no active threat indicators. The IP terminates HTTP and RDP services and maintains a consistent cloud infrastructure classification over the observation period.

---

## Technical Profile

Attribute	Value
IP Address	51.38.123.130/32
Provider	OVH Hosting Limited (AS16276)
Location	Ireland (IE), Dublin timezone
Network Role	Cloud Compute / Hosting Provider
Infrastructure Type	Cloud
Reverse DNS	ip130.ip-51-38-123.eu
Status Code	HTTP 404

---

## Network Services

Port	Protocol	Service	Banner
80	TCP	HTTP	—
3389	TCP	RDP	—

Server Signature: Microsoft-IIS/7.5

Security Headers:

HSTS: Not present
CSP: Not present
Referrer Policy: Not present

---

## Threat Assessment

Current Status:

Risk Score: 40/100 (Moderate)
Blacklist Count: 0
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Campaign Association: None identified

DNSBL Exposure: 2 of 8 lists

Abuse Confidence: Not scored

---

## Historical Observations (26 signals)

Timeline: Observations span from 2026-06-19 to 2026-06-27

Key Signals:

Infrastructure: Consistent cloud hosting classification (OVH)
AS Path: 1403 → 16276 (stable BGP routing)
Server Fingerprint: Microsoft-IIS/7.5 (consistent)
Network: 51.38.0.0/16 prefix (stable)
Subnet Classification: Mostly clean with inherited risk of 2

No significant changes in infrastructure type, provider, or geolocation over the observation window.

---

## Relationship Analysis

Total Relationships: 56

Primary Associations:

DNS: ip130.ip-51-38-123.eu
Network: OVH-DEDICATED-FO
ASN: 16276 (OVH)

No evidence of lateral movement or associated malicious infrastructure.

---

## Neighborhood Analysis (Subnet: 51.38.123.130/24)

Metric	Value
Subnet Classification	Mostly Clean
Abuse Density	1 (Low)
Total Siblings	1
Active Siblings	1
Threat Siblings	1

Inherited Risk: 2/10

Assessment: Subnet exhibits low abuse activity. Single threat sibling observed within the /24.

---

## Control Plane Data

Parameter	Value
Origin ASN	16276
BGP Prefix	51.38.0.0/16
RPKI State	Not evaluated
Route Stability	Stable (0 changes in 30d)
MoAS	No
Delegation Age	9,250 days
DNSSEC	Valid

---

## SOC Recommendations

Priority: Monitor

Suggested Actions:

1. RDP Exposure: IP terminates RDP (3389). Implement rate limiting or geo-blocking for RDP access to prevent brute force attempts.

2. HTTP 404 Response: Endpoint returns 404 for HTTP requests. Verify intended service availability or implement proper HTTP handling.

3. DNSBL Monitoring: IP listed on 2 DNSBLs. Investigate listing sources for potential false positives or legitimate abuse history.

4. Subnet Context: Monitor 51.38.123.130/24 for correlated activity. Single threat sibling warrants observation but does not indicate coordinated campaign.

5. No Immediate Blocking: Moderate risk score with no active threat indicators. Continue baseline monitoring; no firewall blocking recommended at this time.

---

End of Briefing

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇮🇪 Ireland
Region	—
City	—
Timezone	Europe/Dublin
Latitude	53.14
Longitude	-7.69

🏢 Ownership & Registration

Organization	OVH Hosting Limited
ASN	AS16276
Network Name	—
CIDR Block	51.38.0.0/16
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ip130.ip-51-38-123.eu
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ip130.ip-51-38-123.eu`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Multi-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
3389	rdp	tcp	—
Closed Ports	22, 25, 443, 8080, 8443 (2 open / 7 scanned)

Server	Microsoft-IIS/7.5
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	27%	2	3
services	30%	2	3
ownership	35%	3	6
reputation	24%	1	3
geolocation	33%	2	3
Overall	29%	12	22

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-12 21:55:36 UTC
Last Seen	2026-06-27 22:13:02 UTC
Profile Built	2026-06-28 16:17:47 UTC
Data Freshness	Live
Signal Types	25
Total Observations	30

🔍 25 signal types · 30 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

Metric	Value
Subnet Classification	Mostly Clean
Abuse Density	1 (Low)
Total Siblings	1
Active Siblings	1
Threat Siblings	1

51.38.123.130📋 Copy