# IP INTELLIGENCE BRIEFING
Target: 2.58.172.169/32
Classification: LOW RISK / HOSTING INFRASTRUCTURE
Date: 2026-06-28
Risk Score: 25/100
---
## EXECUTIVE SUMMARY
IP 2.58.172.169 is a low-risk cloud hosting endpoint operated by OVH (ASN 16276). The IP hosts web services for the domain tokendirectory.wiki and exhibits standard hosting infrastructure characteristics. No active threat indicators or malicious campaigns have been detected.
Key Findings:
- Risk Score: 25 (Low Risk)
- Provider: OVH Cloud Computing
- Infrastructure: Cloud Hosting (nginx/1.24.0, Ubuntu)
- Geolocation: GB (UK) / Frankfurt am Main
- TLS Certificate: CN=tokendirectory.wiki
- DNSBL Listed: 1 of 8 lists
---
## NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| ASN | 16276 |
| Organization | OVH |
| Infrastructure Type | CloudCompute |
| Connection Type | Cloud Hosting |
| Anycast | No |
| Mobile/Residential | No |
---
## SERVICES & ENDPOINTS
Open Ports:
- TCP/80 (HTTP)
- TCP/443 (HTTPS)
Server Fingerprint:
- Server: nginx/1.24.0 (Ubuntu)
- Framework: Next.js
- HTTP Version: 1.1
- Time-to-First-Byte: 586ms
TLS Certificate:
- Issuer: CN=tokendirectory.wiki
- Subject: CN=tokendirectory.wiki
- SANs: tokendirectory.wiki, www.tokendirectory.wiki
- Self-Signed: No
---
## THREAT INDICATORS
Active Threat Signals: None detected
Assessment:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: No
Control Plane Status:
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.1304 (Minimal)
- Route Stability: Unstable
- Route Changes (30d): 0
---
## NEIGHBORHOOD ANALYSIS (2.58.172.0/24)
Subnet Classification: Mostly Clean
Abuse Density: 0.6667 (66.7%)
| Metric | Value |
|---|---|
| Total Siblings | 3 |
| Active Siblings | 3 |
| Threat Siblings | 2 |
| Inherited Risk | 5/100 |
Neighbor IPs:
- 2.58.172.79: Risk Score 25 (Low)
- 2.58.172.222: Risk Score 25 (Low)
Assessment: The subnet shows elevated abuse density (0.6667) with 2 of 3 active siblings exhibiting threat indicators. However, this IP itself maintains a low risk profile. The neighborhood context suggests potential shared infrastructure risks but no direct correlation to this specific endpoint.
---
## OBSERVATION HISTORY
Total Observations: 19 signals
Recent Activity:
- 2026-06-28: Cloud hosting profile consistent (OVH, not Tor/VPN/Proxy)
- 2026-06-20: HTTP fingerprinting confirms nginx/1.24.0 with Next.js framework
Temporal Assessment: No significant changes in ownership or threat signals observed over the observation period. The IP has maintained consistent hosting infrastructure characteristics.
---
## RELATIONSHIP GRAPH
Total Relationships: 22
Key Connections:
- Same Network: NET-2-58-172-0-24 (22 entries)
- No external organization, hostname, or certificate correlations identified
---
## RECOMMENDED ACTIONS
Current Status: No immediate blocking recommendations required
Monitoring Considerations:
1. Monitor for changes in DNSBL listing status (currently 1 of 8 lists)
2. Watch neighborhood abuse density trends (2.58.172.0/24 at 66.7% abuse density)
3. Verify domain (tokendirectory.wiki) legitimacy if receiving traffic from this IP
4. Standard logging for inbound/outbound connections recommended
Firewall Rules: None required at this time (low-risk profile)
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | netutils-mnt |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
## TLS Certificate
| SANs | tokendirectory.wiki, www.tokendirectory.wiki |
| Valid From | 2026-05-17T11:26:52+00:00 |
| Valid Until | 2036-05-14T11:26:52+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 1C9E666D76231BA1F02F55F5AD3BC6DEC6200D78 |
| Thumbprint | B5F6BA8AA49581E4AD173160D677833A3F2157E2 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-21 08:55:08 UTC |
| Last Seen | 2026-06-28 13:11:28 UTC |
| Profile Built | 2026-06-29 07:14:44 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |