# THREAT INTELLIGENCE BRIEFING
Target: 145.239.158.101/32
Classification: Low Risk / Legitimate Hosting Infrastructure
Generated: 2026-06-17
---
## EXECUTIVE SUMMARY
IP address 145.239.158.101 is registered to OVH SAS (ASN 16276), a major European hosting provider. The IP demonstrates low-risk characteristics with a risk score of 30. Analysis indicates legitimate web hosting infrastructure with no active malicious indicators detected. No immediate blocking or mitigation actions are recommended.
---
## RISK ASSESSMENT
| Metric | Value | Assessment |
|---|---|---|
| Risk Score | 30 | Low Risk |
| Provider Score | 0 | Clean |
| Authority Score | 0 | Clean |
| Stability Score | 0 | N/A |
| DNSBL Listed | 1 of 8 lists | Minor concern |
| Abuse Confidence | N/A | Low |
Overall Classification: LOW RISK - Standard hosting infrastructure
---
## OWNERSHIP & GEOLOCATION
- Organization: OVH SAS (ASN 16276)
- Location: Roubaix, Hauts-de-France, France (FR)
- Registration: RIR: RIPE
- Network Role: Hosting Provider (Cloud Infrastructure)
- Connection Type: Web Server
---
## NETWORK SERVICES & DNS
Open Ports:
- TCP/80 (HTTP) - nginx
- TCP/443 (HTTPS) - nginx
- TCP/22 (SSH) - OpenSSH 7.9p1 Debian-10
- TCP/8443 (HTTPS-ALT)
DNS Configuration:
- PTR Hostname: hr4282858884.reseller.mis.ovh.net
- Forward Resolution: Confirmed
- Email Authentication: SPF and DMARC configured
TLS Certificate:
- Issuer: Let's Encrypt (R13)
- Subject: hr4282858884.reseller.mis.ovh.net
- Self-Signed: No
---
## THREAT INDICATORS
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Known Campaigns: None detected
- Blacklist Count: 0
- Pulsedive Risk: N/A
Control Plane:
- Route Stability: Unstable (isRouteStable: false)
- RPKI State: N/A
- IRR Consistency: N/A
- DNSSEC Valid: Yes
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 145.239.158.101/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Active Siblings: 1
- Threat Siblings: 1
The IP resides in a predominantly clean subnet with minimal abuse activity. One neighboring IP shows threat indicators, suggesting localized activity rather than widespread compromise.
---
## OBSERVATION HISTORY
Total Observations: 25
Recent Activity: 2026-06-17 (HTTP/2, HTTPS)
Signal Trends:
- HTTP/2 enabled with HSTS header absent
- Response time: ~324ms (TTFB)
- RTT: 87-96ms (avg 91.8ms)
- Distance: 500.4km from claimed location
- Geo Validation: Plausible
No evidence of escalating threat behavior over the observation period.
---
## RELATIONSHIP GRAPH
Identified Associations:
- DNS Association: hr4282858884.reseller.mis.ovh.net (OVH reseller hostname)
- Network Associations: Multiple PCI-GRA3 network references
No direct associations to known malicious infrastructure.
---
## RECOMMENDED ACTIONS
Current Risk Level: LOW
Recommended Action: MONITOR - No immediate blocking required
Firewall Rules: Not recommended
WAF Rules: Not recommended
Blocking Threshold: Risk score below action threshold (30 < 50)
---
## ANALYST NOTES
IP 145.239.158.101 represents standard OVH hosting infrastructure with legitimate web server services. The single DNSBL listing is a minor concern but does not constitute actionable threat evidence. SOC analysts should monitor for changes in the threat profile, particularly given the subnet contains one threat sibling. No immediate defensive action required; continue normal traffic monitoring.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | OVH SAS |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | hr4282858884.reseller.mis.ovh.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | hr4282858884.reseller.mis.ovh.net |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8443 | https-alt | tcp | - |

| Closed Ports | 25, 3389, 8080 (4 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 |
TLS Certificate
| SANs | hr4282858884.reseller.mis.ovh.net |
| Valid From | 2026-04-22T22:36:42+00:00 |
| Valid Until | 2026-07-21T22:36:41+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 057A338B836A69D85A16401EE1E619AF5A73 |
| Thumbprint | DC7DD967027297D6098528442472F57840995FF1 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:44 UTC |
| Last Seen | 2026-06-26 23:30:07 UTC |
| Profile Built | 2026-06-27 19:44:13 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 31 |