157.245.125.199

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 157.245.125.199/32

Classification: Low Risk – Cloud Infrastructure Web Server

Report Date: 2026-06-21

---

Executive Summary

IP address 157.245.125.199 is a DigitalOcean cloud-hosted web server with an overall risk score of 25 (Low Risk). The IP exhibits no active threat indicators and maintains a "mostly_clean" classification within its /24 subnet. While geolocation data shows inconsistencies and the subnet contains two threat-adjacent neighbors, the IP itself shows no persistent malicious behavior. No immediate defensive action required.

---

Technical Profile

Ownership & Infrastructure

Organization: DigitalOcean, LLC
ASN: 14061
Network Block: 157.245.0.0/16 (DIGITALOCEAN-157-245-0-0)
Infrastructure Type: Cloud Compute (Cloud hosting provider)
Service Purpose: Web Server

Network Services

Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS)
Web Server: nginx/1.14.0 (Ubuntu) + Phusion Passenger 6.0.18
TLS Certificate: Let's Encrypt (R12)
Certificate Subject: CN=production.unitingurantia.org
SANs: production.unitingurantia.org, staging.unitingurantia.org
Email Authentication: SPF and DMARC records present

---

Threat Assessment

Risk Metrics

Overall Risk Score: 25 (Low)
Provider Score: 0
Authority Score: 0
Abuse Confidence Score: Not applicable
Blacklist Count: 0
DNSBL Listed: 1 listing across 8 total lists
Tor Exit Node: No
Known Attacker: No
Spam Source: No

Control Plane Analysis

BGP Prefix: 157.245.112.0/20
Route Stability: False
RPKI State: Unverified
Operator Score: 0.1304 (Minimal)

---

Neighborhood Context

Subnet: 157.245.125.0/24

Abuse Density: 1
Classification: Mostly Clean
Total Siblings: 2
Active Siblings: 2
Threat Siblings: 2

Notable Neighbor:

157.245.125.104 – Risk Score: 25, Authority Score: 50

---

Observation History

Total Observations: 22
Timeframe: Most recent activity observed 2026-06-21
Threat Persistence Days: 0
Classification Trend: Consistently "mostly_clean"
Persistent Malicious Activity: None detected

---

Anomalies & Concerns

1. Geolocation Inconsistency: geoPlausible flag is false. Probe data indicates RTT of 25.0ms, which is significantly below the minimum possible 119.4ms for a 5,968km distance, suggesting unreliable geolocation reporting.

2. Route Stability: BGP routing shows instability (isRouteStable: false), which may indicate transient traffic patterns or infrastructure changes.

3. DNSBL Presence: 1 DNSBL listing detected across 8 total lists. Further investigation of blacklist specifics may be warranted.

---

Recommended Actions

Current Risk Level: LOW

No firewall rules recommended for immediate blocking
No specific security actions generated

Monitoring Recommendations:

Monitor for changes in DNSBL listing status
Track neighborhood risk levels in 157.245.125.0/24 subnet
Review BGP prefix stability if routing anomalies observed
Periodic re-evaluation recommended if threat context changes

For SOC Analysts:

This IP represents legitimate cloud infrastructure with low observed risk. No immediate incident response or blocking required. If this IP appears in incident logs, investigate context (legitimate traffic vs. compromised host). The domain production.unitingurantia.org should be verified as expected legitimate traffic.

---

Related Entities

Network: DIGITALOCEAN-157-245-0-0 (21 network relationship records)
Related IP: 157.245.125.104 (same /2

0/24 subnet)

Organization: DigitalOcean, LLC (14061)

---

Final Assessment

The IP address 157.245.125.199 represents a standard cloud web hosting environment with minimal observed threat activity. The risk profile is consistent with legitimate DigitalOcean infrastructure. The primary concern remains the geolocation data inconsistency and the presence of threat-adjacent neighbors in the immediate /24 subnet, neither of which indicate direct compromise of this specific IP.

Threat Level: LOW

Action Required: None

Review Interval: Periodic monitoring recommended if traffic anomalies emerge

---

End of Intelligence Briefing

Generated by IPDebrief

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NJ
City	Clifton
Timezone	—
Latitude	40.84
Longitude	-74.14

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	DIGITALOCEAN-157-245-0-0
CIDR Block	157.245.0.0/16
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	2/2 domains
DMARC	1/2 domains
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx/1.14.0 (Ubuntu)
HTTP Title	—

🔐 TLS Certificate

🔒

CN=production.unitingurantia.org

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

SANs	production.unitingurantia.orgstaging.unitingurantia.org
Valid From	2026-05-18T18:35:01+00:00
Valid Until	2026-08-16T18:35:00+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Signature Algorithm	sha256RSA
Validity Period	89 days
Serial Number	067FF8FB9894D5D2EBB7D81569EE734CA7D7
Thumbprint	CC65AAB035096C39C8D52B14AC99963140A35E29

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	27%	2	3
ownership	27%	2	3
reputation	22%	1	3
geolocation	33%	2	4
Overall	25%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-30 10:58:11 UTC
Last Seen	2026-06-29 07:31:12 UTC
Profile Built	2026-06-29 07:34:34 UTC
Data Freshness	Live
Signal Types	23
Total Observations	24

🔍 23 signal types · 24 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

157.245.125.199📋 Copy