## IP Threat Intelligence Briefing: 51.91.177.30/32
Date: [Current Date]
Classification: Moderate Risk (Score: 55/100)
Status: Active Monitoring Recommended
---
Ownership and Network Context
Organization: OVH Hosting Limited (OVH-DEDICATED-FO)
ASN: 16276
Network Block: 51.91.177.0/25
Geolocation: Dublin 2, Ireland (IE) โ Coordinates: 53.14°N, 7.69°W
Infrastructure Type: CloudCompute / Hosting Environment
BGP Prefix: 51.91.0.0/16
The IP address is allocated to OVH's dedicated hosting infrastructure. The subnet operates within a cloud hosting environment with no direct CDN, VPN, or mobile carrier characteristics.
---
DNS and Hostname Resolution
PTR Record: info13.b.nuboyuki.com
Forward Resolution: nuboyuki.com (Confirmed)
Domain Status: Forward resolution verified
Email Auth: SPF and DMARC records present (requires validation)
The hostname "info13.b.nuboyuki.com" suggests automated service infrastructure. The "b.nuboyuki.com" subdomain pattern indicates batch or numbered host allocation.
---
Threat Assessment
Current Risk Score: 55/100 (Moderate)
Abuse Confidence Score: Not Assigned
Known Campaigns: None Identified
Known Attacker: False
Spam Source: False
Tor Exit Node: False
Blacklist Status:
- Listed on 3 of 8 DNSBL sources
- No active blacklist entries in standard threat feeds
- Pulsedive risk: Not assigned
Threat Indicators: Empty โ No direct threat indicators identified in current profile.
---
Network Environment Analysis
Subnet: 51.91.177.0/24
Abuse Density: 0.0 (Clean)
Sibling Count: 3 total, 1 active, 0 threat siblings
Neighbor Analysis:
| IP Address | Risk Score | Authority Score | Classification |
|---|---|---|---|
| 51.91.177.11 | 40 | 60 | Medium |
| 51.91.177.13 | 55 | 60 | Medium |
Observation: The /24 subnet demonstrates low overall abuse density but contains two medium-risk neighbors. This suggests the subnet is not a primary abuse vector but hosts some elevated-risk endpoints.
---
Historical Signal Analysis
Observation Count: 19 signals recorded
Timeframe: June 12โJune 21, 2026
Key Historical Changes:
- June 12: Subnet classified as "clean" with 0 inherited risk and 0 threat siblings
- June 21: Subnet reclassified as "mostly_clean" with 2 inherited risk and 1 threat sibling
- Operator Score: 0.2609 (Basic classification)
Temporal Assessment: The subnet classification has degraded from "clean" to "mostly_clean" within the observation window, indicating emerging or transient activity patterns.
---
Service and Port Analysis
Open Ports: None detected
Service Status: Firewalled / No Services
TLS Certificate: Not detected
HTTP Banner: Not detected
The IP appears to be in a firewalled state with no active service enumeration. This is consistent with OVH hosting infrastructure where services may be behind additional layers.
---
Control Plane and Routing
Route Stability: False
BGP Prefix: 51.91.0.0/16
RPKI State: Not assessed
IRR Consistency: Not assessed
DNSSEC Validation: Valid
Route Changes (30d): 0
The origin ASN is route-stable but shows route instability flags, suggesting dynamic routing changes within the provider's infrastructure.
---
Recommended Actions
Priority: HIGH โ Increase monitoring and logging
| System | Recommended Action |
|---|---|
| **Firewall** | Block 51.91.177.30/32 |
| **iptables** | `iptables -A INPUT -s 51.91.177.30 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 51.91.177.30 drop` |
| **nginx** | `deny 51.91.177.30;` |
| **pfSense** | Block 51.91.177.30/32 |
| **Cloudflare WAF** | Configure expression: `ip.src eq 51.91.177.30` โ BLOCK |
| **AWS WAF** | Add to IP Set with CIDR: 51.91.177.30/32 |
Monitoring Recommendation: Increase logging verbosity for this IP and review recent activity patterns. The moderate risk score combined with subnet degradation warrants enhanced visibility.
---
Intelligence Summary
IP 51.91.177.30 is a cloud-hosting endpoint under OVH infrastructure in Dublin, Ireland. While no direct threat indicators are present, the IP demonstrates:
1. Elevated Risk Profile: Score of 55/100 warrants defensive measures
2. Subnet Degradation: Classification shifted from "clean" to "mostly_clean"
3. DNSBL Presence: Listed on 3 of 8 DNSBL sources
4. Neighbor Risk: Two medium-risk siblings in the /24 subnet
Risk Assessment: This IP represents a moderate-risk endpoint in a hosting environment. While not currently associated with active campaigns or direct attack vectors, the subnet's emerging risk posture and DNSBL listings suggest potential for abuse. Implement firewall rules and enhanced logging per recommendations above.
---
*Intel generated by IPDebrief โ Defensive Security Operations*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | OVH Hosting Limited |
| ASN | AS16276 |
| Network Name | OVH-DEDICATED-FO |
| CIDR Block | 51.91.177.0/25 |
| RIR | ARIN |
| Country | IE |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | info13.b.nuboyuki.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | info13.b.nuboyuki.com |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 17% | 9 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-03 12:22:14 UTC |
| Last Seen | 2026-06-29 12:41:26 UTC |
| Profile Built | 2026-06-29 12:46:43 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 19 |
Full dossier details are available via our API.