57.129.70.187

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 57.129.70.187

## Executive Summary

IP address 57.129.70.187 is a cloud computing host operated by OVH GmbH in Frankfurt am Main, Germany. The address presents a LOW RISK profile (risk score: 30) with no evidence of malicious activity in current observation windows. This VPS instance operates standard web services without detected threat indicators.

---

## Infrastructure Profile

Attribute	Value
Organization	OVH GmbH (AS16276)
Geolocation	Frankfurt am Main, Germany (DE)
Infrastructure Type	CloudCompute / Hosting
Network Role	Web Server
DNS Resolution	vps-2c64c2c9.vps.ovh.net
Server Banner	nginx/1.18.0 (Ubuntu)

---

## Network Services Exposure

The following ports are actively listening:

Port 80/443 (HTTP/HTTPS) - Standard web traffic
Port 22/SSH (OpenSSH_8.9p1 Ubuntu-3ubuntu0.15)
Port 8080/8443 (HTTP-Alt/HTTPS-Alt) - Alternative web interfaces

No TLS certificates are currently in use for HTTPS termination.

---

## Threat Indicators Assessment

Known Attacker: False
Tor Exit Node: False
Spam Source: False
Blacklist Count: 0
Abuse Confidence Score: Not reported
Associated Campaigns: None detected

---

## Historical Signal Analysis

Analysis of 25 observations reveals:

Recent Threat Listing: One high-severity listing detected on 2026-06-19, though current profile shows zero blacklist entries
Geolocation Consistency: Valid Frankfurt area location (distance: 296 km, avg RTT: 112.2 ms)
Ownership Stability: No ownership changes recorded
Threat Persistence: 0 days (not persistently malicious)

---

## Network Neighborhood

Subnet 57.129.70.0/24 classification: mostly_clean

Abuse Density: 0
High-risk neighbors: 0
Medium-risk neighbors: 0
Low-risk neighbors: 0

No concerning patterns detected in adjacent addresses.

---

## Relationship Graph

53 relationships identified, primarily DNS associations to vps-2c64c2c9.vps.ovh.net and network-level associations to VPS-DE2. No malicious entity links detected.

---

## SOC Analyst Recommendations

Current risk score (30) and lack of active threat indicators suggest this IP requires monitoring but not blocking. Recommended actions:

1. Allow traffic with standard logging enabled

2. Monitor port 22 (SSH) for unusual connection patterns

3. Track alternative ports (8080, 8443) for potential abuse

4. No immediate firewall rules required per risk profile

---

## Conclusion

IP 57.129.70.187 is a legitimate OVH cloud VPS hosting standard web services. While a historical threat listing was observed, the current profile shows no active malicious behavior. Treat as low-priority monitoring asset rather than threat actor infrastructure.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Hesse
City	Frankfurt am Main
Timezone	Europe/Berlin
Latitude	48.86
Longitude	6.60

🏢 Ownership & Registration

Organization	OVH GmbH
ASN	AS16276
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	vps-2c64c2c9.vps.ovh.net
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`vps-2c64c2c9.vps.ovh.net`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
8080	http-alt	tcp	—
8443	https-alt	tcp	—
3389	rdp	tcp	—
Closed Ports	25 (6 open / 7 scanned)

Server	nginx/1.18.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	22%	2	4
routing	13%	1	1
services	25%	2	3
ownership	20%	2	3
reputation	24%	1	3
geolocation	31%	2	3
Overall	22%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-12 15:48:25 UTC
Last Seen	2026-06-27 21:53:22 UTC
Profile Built	2026-06-28 21:58:22 UTC
Data Freshness	Live
Signal Types	24
Total Observations	29

🔍 24 signal types · 29 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

57.129.70.187📋 Copy