IP Intelligence Briefing: 51.75.149.221
Date: 2026-06-14
---
**1. Risk Profile**
- Risk Score: Moderate (50/100)
- Provider: OVH (ASN 16276)
- Network Role: CloudCompute infrastructure (Hosting, SSH, HTTP/HTTPS services)
- Geolocation: Netherlands (NL), coordinates 49.38°N, 3.85°E (plausible)
- Threat Indicators: No direct malicious activity detected (no blacklists, spam, or campaigns).
---
**2. Network & Service Analysis**
- Services:
  - HTTP (port 80), HTTPS (port 443), SSH (port 22), and HTTP-alt (port 8080)
  - Server banner: `Apache/2.4.62 (AlmaLinux) OpenSSL/3.5.1 PHP/8.4.15`
  - TLS certificate:
    - Issuer: `everest.renshosting.nl` (untrusted/unknown CA)
    - SAN: `everest.renshosting.nl`
    - Self-signed: False
- Hosting Provider: OVH CloudCompute (likely a legitimate infrastructure provider).
---
**3. Observation History (Last 30 Days)**
- Latest Signals (June 14, 2026):
  - Geo-validation: 500.4 km from claimed location (plausible).
  - HTTP scan: 404 response, no suspicious headers.
  - Network classification: Stable CloudCompute infrastructure.
- Trends: No persistent malicious activity; risk score remains moderate.
---
**4. Relationships & Neighbors**
- DNS Associations:
  - Resolves to `ip221.ip-51-75-149.eu` (no known malicious domains).
- Subnet Relationships:
  - Part of `51.75.149.221/24` subnet.
- Neighbor Analysis: No neighboring IPs reported (subnet abuse density: 0%).
---
**5. Anomalies & Red Flags**
- TLS Certificate: Issuer (`everest.renshosting.nl`) lacks trustworthiness (no CA validation).
- Hosting Provider: OVH is legitimate, but the certificate's origin requires verification.
- No Threat Indicators: No malware, phishing, or DDoS activity detected.
---
**6. Recommendations**
1. Verify TLS Certificate: Confirm the legitimacy of the certificate issuer (`everest.renshosting.nl`).
2. Monitor for Changes: Track updates to the server's HTTP/HTTPS services or DNS records.
3. Network Segmentation: Ensure this IP is isolated from critical assets, given its cloud-hosted nature.
4. Certificate Renewal: Check if the certificate is expired or compromised.
---
Conclusion:
The IP 51.75.149.221 is associated with a legitimate OVH CloudCompute instance, but its TLS certificate raises concerns. No direct malicious activity is detected, but further verification of the certificate's origin is recommended. SOC teams should monitor for anomalies in service behavior or certificate changes.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Wennekes Suzanne |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ip221.ip-51-75-149.eu |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ip221.ip-51-75-149.eu |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | 2/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | - |
| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) | | |
| Server | Apache/2.4.62 (AlmaLinux) OpenSSL/3.5.1 PHP/8.4.15 |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.7 |
TLS Certificate
| SANs | everest.renshosting.nl |
| Valid From | 2025-11-23T22:29:41+00:00 |
| Valid Until | 2026-11-23T22:29:41+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 575575F8B4506B41 |
| Thumbprint | 7B50208A1C3DA0ED842EE39043C1EC0604E20DE9 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 26% | 10 | 17 |
| Data Coherence | Mixed Signals (68%) - 2 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
TLS certificate claims US but primary geo says NL
Observation Timeline (Live)
| First Seen | 2026-05-08 23:18:42 UTC |
| Last Seen | 2026-06-27 14:39:21 UTC |
| Profile Built | 2026-06-28 08:46:01 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 30 |