# IP Intelligence Briefing: 5.135.4.149
Classification: LOW RISK
Date: 2026-06-19
Prepared for: SOC Operations
---
## Executive Summary
IP 5.135.4.149 is a low-risk residential cloud infrastructure endpoint hosted on the OVH cloud network. The IP demonstrates no active threat indicators and maintains a stable reputation profile. While the subnet contains one threat sibling, this IP itself shows no malicious behavior. No immediate defensive actions are required.
---
## Profile Analysis
Reputation Score: 25/100 (Low Risk)
Network Classification: CloudCompute / Web Server
ASN: 16276 (OVH SAS)
Geolocation: Roubaix, Hauts-de-France, France (FR)
Infrastructure Type: Cloud Hosting
Network Role:
- Cloud Provider: OVH
- Connection Type: Public Cloud
- Hosting: Yes
- Proxy/VPN/Tor: No
- CDNetwork: No
Services:
- Port 80/TCP: HTTP (nginx/1.24.0)
- Port 443/TCP: HTTPS
- Server Banner: nginx/1.24.0 (Ubuntu)
DNS Analysis:
- PTR Hostname: ip149.ip-5-135-4.eu
- Hosted Domains: 5
  - ip149.ip-5-135-4.eu
  - alpha-test.securinfor.fr
  - eva-inv.securinfor.fr
  - eva16-dev.securinfor.fr
  - eva16-test.securinfor.fr
- SPF: Configured
- DMARC: Configured
- DNSSEC: Valid
TLS Certificate:
- Issuer: Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
- Subject: CN=alpha-test.securinfor.fr
- Self-Signed: No
---
## Threat Indicators
Active Threats: None
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Pulsedive Risk: Not Available
- Threat Feeds: Empty
Control Plane:
- DNSBL Listed: 1 out of 8 lists
- Operator Score: 0.2609 (Basic)
- Route Stability: False
- Route Changes (30d): 0
---
## Observation History
Total Observations: 24
Observation Period: 2026-06-15 to 2026-06-19
Threat Persistence: 0 days
Status Change: No significant degradation observed
Recent Signals:
- 2026-06-19: HTTP response analysis (Status: 303 Redirect, HSTS Enabled)
- 2026-06-15: Subnet classification "mostly_clean"
- 2026-06-15: Geolocation inference (FR, confidence 0.52)
- 2026-06-15: Operator scoring (Basic, score 0.2609)
---
## Relationships Graph
Total Relationships: 44
Primary Associations:
- DNS Associations: ip149.ip-5-135-4.eu
- Network Affiliation: OVH
- Multiple hostname mappings across OVH infrastructure
Related Entities: No high-risk organizational or campaign associations identified.
---
## Neighborhood Analysis
Subnet: 5.135.4.0/24
Abuse Density: 1 (Low)
Classification: mostly_clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 1 (this IP)
The subnet shows minimal abuse activity, with one threat sibling detected in the broader /24 range. No correlation to known malicious campaigns.
---
## Recommended Actions
Current Status: No immediate action required
Risk Score: 25 (Low)
Provider Score: 0
Authority Score: 0
Firewall Rules: None generated (risk below threshold)
WAF Recommendations: None required
Monitoring Suggestions:
- Monitor for changes in DNSBL listings
- Track subnet abuse density trends
- Watch for new hosted domains on this IP
---
## Conclusion
IP 5.135.4.149 is a legitimate OVH cloud hosting endpoint with normal web server activity. The five hosted domains suggest test/development infrastructure for securinfor.fr. No defensive blocking is warranted. Standard network monitoring protocols apply. If the IP appears in incident traffic, investigate at the application layer rather than at the network level.
---
*End of Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | OVH Technical Contact |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | ip149.ip-5-135-4.eu |
| Forward Confirmed | Yes - FCrDNS verified |
| Hosted Domain | ip149.ip-5-135-4.eu |
| Hosted Domain | alpha-test.securinfor.fr |
| Hosted Domain | eva-inv.securinfor.fr |
| Hosted Domain | eva16-dev.securinfor.fr |
| Hosted Domain | eva16-test.securinfor.fr |
| Forward Hostnames | ip149.ip-5-135-4.eu |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 2/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
## TLS Certificate
| SANs | alpha-test.securinfor.fr |
| Valid From | 2026-04-15T12:15:37+00:00 |
| Valid Until | 2026-07-14T12:15:36+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 061ED817F7BB4FC05E24DA1730641250AE81 |
| Thumbprint | CD053884D3BF24EB7D9A5DC66DE0225AEA907363 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-21 02:16:50 UTC |
| Last Seen | 2026-06-28 13:01:24 UTC |
| Profile Built | 2026-06-29 07:06:42 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 28 |