## INTELLIGENCE BRIEFING: 138.197.70.18/32
Classification: Cloud Infrastructure - Low Risk
Date: June 2026
Analyst: IPDebrief Intelligence Platform
---
EXECUTIVE SUMMARY
IP 138.197.70.18 is a DigitalOcean cloud compute instance located in Clifton, NJ, US. The IP presents a low-risk profile with a risk score of 25/100. No malicious indicators, campaigns, or active threats were detected. The asset operates as a web server with standard HTTPS/SSH services and presents a valid Let's Encrypt-issued certificate covering multiple domains.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: DigitalOcean, LLC
- ASN: 14061
- Geolocation: Clifton, New Jersey, United States
- Infrastructure Type: Cloud Compute
- CIDR Block: 138.197.64.0/20
- BGP Prefix: 138.197.70.18/24
---
NETWORK SERVICES & FINGERPRINTING
Open Ports:
- TCP/22 (SSH) - OpenSSH 9.6p1 Ubuntu-3ubuntu13.16
- TCP/80 (HTTP) - nginx/1.24.0
- TCP/443 (HTTPS) - nginx/1.24.0
SSL/TLS Configuration:
- Certificate Issuer: Let's Encrypt
- Subject Domains: api.erplenia.com, api.flujentis.com
- Protocol: TLS 1.3
- Cipher Suite: TLS_AES_256_GCM_SHA384
- Status: Valid (non-self-signed)
HTTP Response: 404 Not Found (standard behavior for API endpoints)
---
THREAT INTELLIGENCE
Risk Assessment:
- Overall Risk Score: 25 (Low)
- Abuse Confidence Score: Not applicable (no detected abuse)
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists (minimal operator score: 0.1304)
Threat Indicators: None detected. No known campaigns, threat feeds, or malicious activity observed.
---
TEMPORAL ANALYSIS
Observation History: 19 total signals observed
- Most Recent: 2026-06-15T06:59:57Z (HTTP response fingerprinting)
- TLS Certificate Scan: 2026-06-15T06:55:50Z
- Operator Score: 2026-06-15T06:34:20Z
- Subnet Analysis: 2026-06-08T18:49:02Z
Trend Analysis: IP maintains consistent low-risk profile. No escalation in threat activity detected. Threat observation count: 1. Not persistently malicious.
---
NEIGHBORHOOD ANALYSIS
- Subnet: 138.197.70.18/24
- Abuse Density: 1
- Classification: Mostly Clean
- Threat Siblings: 1
- Active Siblings: 0
- Risk Distribution: No high/medium risk neighbors identified
---
RELATIONSHIP GRAPH
- Total Relationships: 11
- Type: All relationships classified as "Same Network" (DIGITALOCEAN-138-197-0-0)
- Cross-References: No external organization, hostname, or certificate relationships beyond DigitalOcean infrastructure
---
CONTROL PLANE & ROUTING
- RPKI State: Not available
- Route Stability: Unstable (route changes detected)
- DNSSEC Validation: Valid
- Origin ASN: 14061 (DigitalOcean)
- Route Changes (30d): 0
---
SOC ANALYST RECOMMENDATIONS
Action Required: None. Risk score of 25 falls below typical blocking thresholds.
Recommended Actions:
- No firewall blocking recommended
- No additional monitoring required beyond standard cloud infrastructure logging
- Consider standard logging for SSH port 22 activity if not already in place
Context: This IP represents a legitimate cloud hosting environment. The 404 response on HTTPS queries suggests the endpoint may be temporarily unavailable or under maintenance. No evidence of malicious use patterns detected across all observation windows.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | - |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | api.erplenia.com, api.flujentis.com |
| Valid From | 2026-05-20T00:47:33+00:00 |
| Valid Until | 2026-08-18T00:47:32+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 0634DF3B3C3AD31BF38D01A84D6617979447 |
| Thumbprint | 347B0D848151C78856445C6599A20B39E257D63C |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 09:36:24 UTC |
| Last Seen | 2026-06-28 08:40:51 UTC |
| Profile Built | 2026-06-29 02:45:24 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |