IP Intelligence Briefing: 104.248.218.184
Date: 2026-06-08
**Profile Summary**
- Risk Score: 50 (Moderate Risk)
- Provider: DigitalOcean (ASN 14061)
- Geolocation: Santa Clara, CA, US (geoplausible: false)
- Network Role: CloudCompute (DigitalOcean infrastructure)
- Services: Open SSH port (22/tcp) with banner "SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.1".
**Threat Indicators**
- No direct malicious activity detected (no indicators, abuse confidence, or blacklists).
- Historical Observations (Last 30 Days):
  - 3 threat feed listings (confidence: 0.85, severity: high).
  - Geolocation consistency (US, Santa Clara).
  - Network classification as CloudCompute.
  - Subnet (104.248.218.184/24) classified as "clean" with 0 abuse density.
**Network Relationships**
- Linked Entities:
  - Same network: DIGITALOCEAN-104-248-0-0 (CIDR 104.248.208.0/20).
  - Neighbors: No neighboring IPs in the subnet (tool returned empty list).
**Actionable Recommendations**
- Firewall Rules:
  - Block the IP using standard rules (e.g., `iptables -A INPUT -s 104.248.218.184 -j DROP`).
  - Update WAF rules (Cloudflare, AWS) to block the IP.
- Monitoring:
  - Watch for changes in threat feed listings or network behavior.
  - Verify SSH access legitimacy, as open ports may indicate misconfigured cloud instances.
**Conclusion**
This IP is part of DigitalOcean's CloudCompute infrastructure and shows no immediate malicious activity. However, historical threat feed listings suggest potential risk. Monitor for behavioral changes and ensure SSH access is properly secured. The subnet is clean, but the moderate risk score warrants cautious observation.
Next Steps: Cross-reference with internal threat feeds, validate SSH access, and consider isolating the host if further suspicious activity is detected.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
**DNS Hygiene**
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
**Services & Open Ports**
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.1 |
**TLS Certificate**
| SANs | None |
| Valid From | - |
| Valid Until | - |
**Confidence Breakdown**
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 18% | 10 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)
| First Seen | 2026-05-18 21:26:45 UTC |
| Last Seen | 2026-06-28 07:46:08 UTC |
| Profile Built | 2026-06-29 01:51:50 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 21 |