# IP Intelligence Briefing: 5.135.245.164/32
Classification: Moderate Risk | Risk Score: 55/100 | Status: Active Monitoring Recommended
---
## Executive Summary
IP address 5.135.245.164 is hosted on OVH Hosting OY (AS16276) infrastructure with a moderate risk profile. The IP is geolocated to Finland (FI) but historical signals indicate presence in France (FR). The address is associated with a cloud computing environment and has no open services detected. Recent threat indicators show elevated activity requiring SOC review.
---
## Ownership & Infrastructure
- Organization: OVH HOSTING OY
- ASN: 16276 (OVH)
- Network Block: 5.135.0.0/16
- Infrastructure Type: CloudCompute
- BGP Origin: 5.135.0.0/16 (AS16276)
- Routing Status: Unstable (isRouteStable: false)
---
## Geographic & Network Context
- Primary Location: FI (Finland), Europe/Helsinki timezone
- GeoAccuracy Radius: 750km
- DNS Resolution: info6.nobukiyo.ninja (forward confirmed)
- Network Classification: Hosting provider with cloud infrastructure
- IP Classification: Bogon: No | Anycast: No | CDN: No
---
## Threat Indicators & Reputation
- Reputation: Moderate Risk (55/100)
- Blacklist Status: Listed on 3 of 8 DNSBLs
- Abuse Confidence: Not explicitly scored
- Known Campaigns: None detected
- Threat Feeds: No active threat feed indicators
- Tor/Proxy: Not a Tor exit node or known proxy
---
## Neighborhood Analysis (5.135.245.0/24)
- Subnet Abuse Density: 0.5 (moderate)
- Total Siblings: 2 IPs in subnet
- Active Siblings: 0
- Threat Siblings: 1
- Neighbor IP: 5.135.245.100 (Risk Score: 55)
- Classification: Mostly clean subnet
---
## DNS Intelligence
- PTR Hostname: info6.nobukiyo.ninja
- Forward Confirmation: False (reverse DNS does not match A record)
- Forward Resolution Count: 1
- Email Authentication: SPF: No, DMARC: No
- DNSSEC: Valid
---
## Observation History (19 signals recorded)
- Latest Signal: 2026-06-20 - Threat indicators detected (2 pulse events)
- Historical Signals:
  - 2026-06-15: Subnet abuse density 0.5, mostly clean classification
  - 2026-06-15: No persistent malicious activity detected
  - 2026-06-15: BGP prefix analysis (5.135.0.0/16)
- Threat Persistence: 0 days
- Ownership Changes: 0
---
## Network Behavior & Services
- Open Ports: None detected
- HTTP/HTTPS: No services responding
- Banner Grab: None
- TLS Certificate: Not detected
- Service Status: Firewalled / No Services
---
## Relationships (32 total)
- Same Network Associations: 17 entries (OVH-DEDICATED-FO networks)
- DNS Associations: 15 entries (info6.nobukiyo.ninja)
- Primary Association Type: Cloud infrastructure within OVH network
---
## Recommended Actions
| Platform | Action |
|---|---|
| **General** | Increase logging verbosity; review recent activity |
| **iptables** | `iptables -A INPUT -s 5.135.245.164 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 5.135.245.164 drop` |
| **nginx** | `deny 5.135.245.164;` |
| **pfSense** | Add 5.135.245.164/32 to block list |
| **Cloudflare WAF** | Block rule: `ip.src eq 5.135.245.164` |
| **AWS WAF** | `Addresses: ["5.135.245.164/32"]` |
---
## Analyst Notes
This IP represents a moderate-risk indicator from OVH cloud infrastructure. The presence of DNSBL listings and recent threat signal activity warrants monitoring. The absence of detected open services reduces immediate exploitation risk, but the IP should be blocked at perimeter defenses. Consider blocking the associated subnet (5.135.245.0/24) if broader threat context is confirmed. The DNS hostname "info6.nobukiyo.ninja" should be reviewed for potential malicious content or reputation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | OVH HOSTING OY |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | info6.nobukiyo.ninja |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | info6.nobukiyo.ninja |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 22% | 9 | 14 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-24 18:41:26 UTC |
| Last Seen | 2026-06-29 00:38:18 UTC |
| Profile Built | 2026-06-29 06:40:14 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |