# IP INTELLIGENCE BRIEFING: 57.129.70.187
## Executive Summary
IP address 57.129.70.187 is a cloud computing host operated by OVH GmbH in Frankfurt am Main, Germany. The address presents a LOW RISK profile (risk score: 30) with no evidence of malicious activity in current observation windows. This VPS instance operates standard web services without detected threat indicators.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | OVH GmbH (AS16276) |
| **Geolocation** | Frankfurt am Main, Germany (DE) |
| **Infrastructure Type** | CloudCompute / Hosting |
| **Network Role** | Web Server |
| **DNS Resolution** | vps-2c64c2c9.vps.ovh.net |
| **Server Banner** | nginx/1.18.0 (Ubuntu) |
---
## Network Services Exposure
The following ports are actively listening:
- Port 80/443 (HTTP/HTTPS) - Standard web traffic
- Port 22 (SSH) - OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
- Port 8080/8443 (HTTP-Alt/HTTPS-Alt) - Alternative web interfaces
No TLS certificates are currently in use for HTTPS termination.
---
## Threat Indicators Assessment
- Known Attacker: False
- Tor Exit Node: False
- Spam Source: False
- Blacklist Count: 0
- Abuse Confidence Score: Not reported
- Associated Campaigns: None detected
---
## Historical Signal Analysis
Analysis of 25 observations reveals:
- Recent Threat Listing: One high-severity listing detected on 2026-06-19, though current profile shows zero blacklist entries
- Geolocation Consistency: Valid Frankfurt area location (distance: 296 km, avg RTT: 112.2 ms)
- Ownership Stability: No ownership changes recorded
- Threat Persistence: 0 days (not persistently malicious)
---
## Network Neighborhood
Subnet 57.129.70.0/24 classification: mostly_clean
- Abuse Density: 0
- High-risk neighbors: 0
- Medium-risk neighbors: 0
- Low-risk neighbors: 0
No concerning patterns detected in adjacent addresses.
---
## Relationship Graph
53 relationships identified, primarily DNS associations to vps-2c64c2c9.vps.ovh.net and network-level associations to VPS-DE2. No malicious entity links detected.
---
## SOC Analyst Recommendations
Current risk score (30) and lack of active threat indicators suggest this IP requires monitoring but not blocking. Recommended actions:
1. Allow traffic with standard logging enabled
2. Monitor port 22 (SSH) for unusual connection patterns
3. Track alternative ports (8080, 8443) for potential abuse
4. No immediate firewall rules required per risk profile
---
## Conclusion
IP 57.129.70.187 is a legitimate OVH cloud VPS hosting standard web services. While a historical threat listing was observed, the current profile shows no active malicious behavior. Treat it as a low-priority monitoring asset rather than threat actor infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | OVH GmbH |
| ASN | AS16276 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | vps-2c64c2c9.vps.ovh.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | vps-2c64c2c9.vps.ovh.net |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | - |
| 8443 | https-alt | tcp | - |
| 3389 | rdp | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 25 (6 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 25% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 22% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

- Ownership
- FCrDNS
- Geo Consensus
- Geo Plausible
- IRR Match
- RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-12 15:48:25 UTC |
| Last Seen | 2026-06-27 21:53:22 UTC |
| Profile Built | 2026-06-28 21:58:22 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |