THREAT INTELLIGENCE BRIEFING: 5.135.139.120/32
CLASSIFICATION: LOW RISK - HOSTING PROVIDER INFRASTRUCTURE
DATE: 2026-06-25
ASSIGNED TO: SOC Operations
---
EXECUTIVE SUMMARY
Target IP 5.135.139.120 is a low-risk cloud hosting endpoint operated by OVH (ASN 16276) in France. The IP supports web server services with minimal threat indicators and maintains stable infrastructure characteristics. No evidence of persistent malicious activity detected.
---
INFRASTRUCTURE PROFILE
Network Classification: Cloud Compute Infrastructure
Provider: OVH (Octave Klaba)
Location: France (FR)
CIDR Block: 5.135.0.0/16
Network Role: Web Server/Hosting
DNS Resolution:
- PTR Hostname: ns319676.ip-5-135-139.eu
- Forward Resolution: Confirmed (1 record)
- Domain: ip-5-135-139.eu
- DNSSEC: Valid
Associated Domains:
- clubentreprisespaysdemorlaix.com (TLS Certificate Subject)
- www.clubentreprisespaysdemorlaix.com
TLS Certificate Details:
- Issuer: CN=Verokey Secure Web G2, O=Verokey, C=AU
- Status: Valid (not self-signed)
- HTTP Banner: Apache
---
THREAT INDICATORS
Overall Risk Score: 25/100 (Low Risk)
Threat Indicators:
- Abuse Confidence Score: Not applicable
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- DNSBL Listed: 1/8 lists
Network Security Flags:
- Has SPF: True
- Has DMARC: False
- Has HSTS: True
- Has CSP: True
Campaign Correlation: No known malicious campaigns or cert matches identified.
---
NETWORK CONTEXT
Subnet Analysis (5.135.139.0/24):
- Abuse Density: 1
- Classification: Mostly Clean
- Threat Siblings: 1
- Total Active Siblings: 1
Control Plane Data:
- Origin ASN: 16276 (OVH)
- Route Stability: Stable
- RPKI State: Not verified
- Route Changes (30d): 0
- Operator Score: 0.2609
---
OBSERVATION HISTORY
Total Observations: 25 signals across multiple categories
Recent Activity (2026-06-25):
- DNS signals showing SPF configuration (v=spf1 include:_mailcust.gandi.net ?all)
- DMARC record observed on parent domain
- Operator score maintained at 0.2609
Temporal Analysis:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Status: Not Persistently Malicious
- Threat Observation Count: 1
---
RELATIONSHIP MAPPING
Direct Associations:
- DNS Associations: ns319676.ip-5-135-139.eu
- Network Associations: OVH infrastructure
- Total Relationship Count: 48
Key Entity Links:
- OVH hosting network (multiple references)
- DNS hostname mappings
- Certificate authority relationships
---
SECURITY ACTIONS & RECOMMENDATIONS
Recommended Actions: None (Low Risk Profile)
Firewall Rules:
- Standard cloud hosting IP treatment recommended
- No specific block/allow rules required
- Monitor for reputation score changes
Threat Mitigation:
- No immediate threat indicators requiring action
- Standard web traffic monitoring sufficient
- No special handling for this endpoint
---
ANALYST NOTES
The target IP presents as a standard OVH cloud hosting endpoint with legitimate web server operations. The associated domain (clubentreprisespaysdemorlaix.com) appears to be a French business entity based on the domain name structure. While the subnet shows minimal threat presence (1 threat sibling), the target IP itself maintains low-risk characteristics with no active malicious indicators.
Threat Level: LOW
Action Required: NONE
Monitoring Priority: STANDARD
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Octave Klaba |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ns319676.ip-5-135-139.eu |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ns319676.ip-5-135-139.eu |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) | | |
| Server | apache |
| HTTP Title | - |
TLS Certificate
| SANs | clubentreprisespaysdemorlaix.com, www.clubentreprisespaysdemorlaix.com |
| Valid From | 2026-02-10T00:00:00+00:00 |
| Valid Until | 2027-02-10T23:59:59+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 022AF5F9FCFAB514FDEC59FBA42EEFDD |
| Thumbprint | 0F5B42DC0C97F1A5AB5BF435102F5D70B7CF2EC8 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-08 05:02:21 UTC |
| Last Seen | 2026-06-27 12:45:44 UTC |
| Profile Built | 2026-06-28 06:51:39 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |