164.92.172.241

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 164.92.172.241/32

Classification: Cloud Compute Infrastructure (DigitalOcean)

Date: 2026-06-16

Risk Assessment: MODERATE RISK (Score: 40/100)

---

## EXECUTIVE SUMMARY

IP 164.92.172.241 is a DigitalOcean cloud infrastructure endpoint located in Frankfurt am Main, Germany. The IP shows a moderate risk profile with no active threat indicators, no known malicious activity, and zero observed abuse. The IP is classified as hosting infrastructure with no open services detected. Historical observations indicate stable ownership with no malicious persistence patterns.

---

## OWNERSHIP & GEOLOCATION

Attribute	Value
ASN	14061
Organization	DigitalOcean, LLC
Network Block	164.92.64.0/18
City	Frankfurt am Main
Country	Germany (DE)
Region	Hesse
Timezone	Europe/Berlin
Infrastructure Type	Cloud Compute

---

## THREAT ASSESSMENT

Risk Profile: Moderate Risk (40/100)

Threat Indicators: NONE DETECTED

Blacklist Status: 0 blacklists

DNSBL Listings: 2 of 8 total lists

Tor Exit Node: No

Known Attacker: No

Spam Source: No

Risk Breakdown:

Abuse Confidence Score: Not applicable
Known Campaigns: None
Threat Feeds: No matches

---

## NETWORK CLASSIFICATION

Classification	Status
Cloud Infrastructure	YES
CDN	NO
VPN	NO
Proxy	NO
Tor	NO
Hosting	YES
Mobile	NO
Residential	NO
Bogon	NO
Anycast	NO

Service Status: Firewalled / No Services Detected

Open Ports: None

TLS Certificate: None

HTTP Banner: None

---

## NEIGHBORHOOD ANALYSIS

Subnet: 164.92.172.241/24

Abuse Density: 0 (Clean)

Classification: Clean

Total Siblings: 1

Active Siblings: 0

Threat Siblings: 0

No neighboring IPs show abuse indicators. The subnet demonstrates clean classification with no inherited risk.

---

## OBSERVATION HISTORY

Total signals observed: 17

Recent Signals (2026-06-16):

Subnet classification: Clean (confidence: 0.40)
Geolocation validation: Frankfurt, DE (confidence: 0.60)
Ownership stability: No changes (confidence: 0.85)
Operator score: Minimal (0.1304) (confidence: 0.30)
Overall profile confidence: 0.225

Temporal Analysis:

Ownership Changes: 0
Threat Persistence Days: 0
Threat Observation Count: 0
Persistently Malicious: NO

---

## RELATIONSHIP GRAPH

All 5 detected relationships map to the same network block (DO-13). No external entity associations detected (hostnames, organizations, certificates).

---

## NETWORK ROUTING & CONTROL PLANE

BGP Prefix: 164.92.160.0/20

Route Stable: NO

RPKI State: Not evaluated

IRR Consistency: Not evaluated

DNSSEC Valid: YES

Route Changes (30d): 0

Trace Analysis:

Hop Count: 18
First Hop RTT: 0.2ms
Last Hop RTT: 108ms
Transit Networks: Comcast
Timed Out Hops: 5

---

## SECURITY ACTIONS & RECOMMENDATIONS

Recommended Action: Block traffic at perimeter layers (probability-based recommendation)

Firewall Rules Provided:

iptables:

```

iptables -A INPUT -s 164.92.172.241 -j DROP

```

nftables:

```

nft add rule inet filter input ip saddr 164.92.172.241 drop

```

nginx:

```

deny 164.92.172.241;

```

pfSense:

```

164.92.172.241/32

```

Cloudflare WAF:

```json

{"description":"Block 164.92.172.241 — IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 164.92.172.241"}}

```

AWS WAF:

```json

{"Addresses":["164.92.172.241/32"],"Description":"IPDebrief risk 40"}

```

---

## INTELLIGENCE NARRATIVE

IP 164.92.172.241 represents a DigitalOcean cloud compute endpoint with moderate risk scoring primarily driven by operator-level metrics rather than active threat indicators. The IP shows no evidence of malicious activity, with zero blacklist entries and no known associations with attack campaigns. Geolocation data validates Frankfurt, Germany placement with plausible RTT metrics (avg 111.8ms).

The absence of open services, TLS certificates, or email authentication records suggests either a dormant endpoint, internal-only infrastructure, or intentionally firewalled service. The subnet neighborhood remains clean with no abuse density or threat siblings. Historical signals indicate stable ownership with no malicious persistence patterns observed.

Recommendation: Block at network perimeter due to moderate risk score (40/100), though the lack of active threat indicators warrants correlating with additional telemetry before enforcement. No immediate threat indicators detected.

---

Classification: UNCLASSIFIED

Distribution: SOC Team

Platform: IPDebrief Intelligence

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Hesse
City	Frankfurt am Main
Timezone	Europe/Berlin
Latitude	50.12
Longitude	8.68

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	DO-13
CIDR Block	164.92.64.0/18
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	2
routing	17%	1	1
services	17%	1	1
ownership	35%	2	3
reputation	17%	1	2
geolocation	35%	2	3
Overall	24%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-06-10 08:39:38 UTC
Last Seen	2026-06-21 17:16:17 UTC
Profile Built	2026-06-21 17:22:31 UTC
Data Freshness	Live
Signal Types	18
Total Observations	21

🔍 18 signal types · 21 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

164.92.172.241📋 Copy