# Intelligence Briefing: 151.80.61.151/32
Classification: MODERATE RISK | Last Updated: 2026-06-14
---
## Executive Summary
IP 151.80.61.151 is a cloud-hosted infrastructure endpoint associated with OVH SAS (ASN 16276), located in Roubaix, France. The IP demonstrates moderate risk (Score: 50) due to DNSBL listings, though the surrounding /24 subnet remains classified as "mostly_clean" with zero threat siblings. No active malicious campaigns or correlation with known attacker infrastructure have been identified.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | OVH SAS |
| **ASN** | 16276 |
| **Country** | France (FR) |
| **City** | Roubaix |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Network Role** | Single-Service Host |
| **Risk Score** | 50 (Moderate) |
---
## Technical Observations
DNS Resolution:
- Primary hostname: `vps-5d95afd4.vps.ovh.net`
- Forward resolution confirmed: Yes
- SPF/DMARC: Configured (SPF: true, DMARC: true)
Service Enumeration:
- Port 22/TCP: SSH (OpenSSH 10.0p2 Debian-7~bpo12+1)
- Web Server: nginx/1.18.0 (HTTP/1.1)
- TLS Certificate: None detected
- HTTP Status: 200 (Generator: Odoo)
---
## Threat Indicators
| Indicator | Status |
|---|---|
| **DNSBL Listings** | 2 of 8 total lists |
| **Known Attacker** | No |
| **Tor Exit Node** | No |
| **Spam Source** | No |
| **Active Campaigns** | None |
| **Blacklist Count** | 0 |
Control Plane:
- BGP Prefix: 151.80.0.0/16
- Route Stability: False
- RPKI State: Not validated
- DNSSEC: Valid
---
## Temporal Analysis
Observation History:
- Total Observations: 23
- Recent Activity: 2026-06-14
- Threat Observation Count: 1
- Threat Persistence: 0 days
- Ownership Changes: 0
Ownership of the IP has been stable, with no recorded ownership changes.
---
## Neighborhood Assessment
Subnet: 151.80.61.0/24
- Abuse Density: 0 (Clean)
- Classification: Mostly Clean
- Threat Siblings: 0
- Active Siblings: 1 (same IP)
The surrounding subnet shows no elevated threat density, suggesting this IP operates in isolation without coordinated neighbor activity.
---
## Relationship Graph
Total Relationships: 65
- DNS Associations: Multiple entries to `vps-5d95afd4.vps.ovh.net`
- Network Associations: OVH infrastructure
- No external organizational or certificate relationships detected
---
## Recommended Actions
| Action | Priority |
|---|---|
| Monitor DNSBL listing changes | Medium |
| Allow SSH access if legitimate business need exists | Low |
| Block if outbound traffic to known malicious destinations is observed | Medium |
| Continue monitoring for new campaign indicators | Low |
---
## Intelligence Notes
1. Cloud Environment: This IP operates within OVH's cloud infrastructure, which may limit investigation capabilities.
2. DNSBL Presence: The 2 DNSBL listings warrant monitoring but do not indicate active malicious activity.
3. Geolocation Consistency: 5 probe signals confirm the France location with ~307 km validation distance.
4. No Campaign Correlation: Zero matches with known threat campaigns or correlated malicious IPs.
Status: Monitor | Confidence: High
---
*This briefing is based on IPDebrief intelligence data as of 2026-06-14. All data should be validated against internal threat intelligence sources before operational decision-making.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | OVH SAS |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | vps-5d95afd4.vps.ovh.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-5d95afd4.vps.ovh.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 8080 | http-alt | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8443 (3 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | serp.seniatna.tn |
| Valid From | 2026-06-05T09:03:23+00:00 |
| Valid Until | 2026-09-03T09:03:22+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05980890E85177E724215F6C7CA05AFFA8C4 |
| Thumbprint | C9E3DB3E4858F47B72CA06ABFCAC08AA429461EF |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 34% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 27% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-09 11:33:37 UTC |
| Last Seen | 2026-06-27 15:20:53 UTC |
| Profile Built | 2026-06-28 09:25:44 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |