165.227.163.170

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP Intelligence Briefing: 165.227.163.170

Date: 2026-06-09

---

1. Core Profile

Risk Score: 59 (Moderate Risk)
Provider: DigitalOcean, LLC (ASN 14061)
Network Role: Tor Exit Node (classified as "provider" in network infrastructure)
Geolocation: United States (no specific city/region data available)
Threat Indicators:

- Tor exit node activity detected

- Listed in 2 DNSBLs (open resolver abuse)

- Self-signed TLS certificate (CN: `api-dev.812g9l1q3.com`)

---

2. Observation History

Recent Activity (2026-06-09):

- Tor exit node signals observed (1 high-severity threat listing).

- Network stability score: 0.35 (Basic operator risk).

- DNSSEC validation: Enabled.

- BGP route stability: Stable (no recent changes).

Trend: No persistent malicious activity detected; threat observation count is low.

---

3. Relationships

Network Affiliation:

- Part of DigitalOcean’s `165.227.0.0/20` subnet.

- Linked to 218+ IPs in the same subnet (all classified as "Same Network").

Threat Connections:

- No direct links to known malicious organizations or campaigns.

---

4. Neighborhood Analysis

Subnet: `165.227.163.170/24`
Abuse Density: 0% (no malicious activity detected in subnet).
Neighbors: No active IPs in the subnet (likely a single-host subnet).

---

5. Service & Technical Details

Open Ports:

- HTTP (80), HTTPS (443), SSH (22).

- SSH banner: `SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15`.

Web Server: Nginx/1.18.0 (Ubuntu).
TLS Certificate:

- Self-signed (issuer/subject: `api-dev.812g9l1q3.com`).

- No SANs listed.

---

6. Recommendations

Monitor Traffic: Track outbound connections from this IP, as Tor exit nodes are often used for C2 or data exfiltration.
Block/Restrict: Consider blocking traffic from this IP unless it’s explicitly required for legitimate Tor-based operations.
Verify Certificate: Investigate the self-signed TLS certificate to ensure it’s not a spoofing attempt.
Subnet Review: Confirm DigitalOcean’s subnet compliance with security policies, as Tor exit nodes can be exploited for malicious purposes.

---

Conclusion: This IP is a Tor exit node associated with DigitalOcean. While its risk score is moderate, its role in the Tor network and DNSBL listings warrant further investigation. SOC teams should prioritize monitoring and restrict traffic unless the IP is verified as benign.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	State
City	City
Timezone	—
Latitude	50.12
Longitude	8.68

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	165.227.160.0/20
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.18.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=api-dev.812g9l1q3.com, OU=Unit, O=Organization, L=City, S=State, C=US

Issued by CN=api-dev.812g9l1q3.com, OU=Unit, O=Organization, L=City, S=State, C=US

Self-signed: Yes

SANs	None
Valid From	2025-09-24T03:05:02+00:00
Valid Until	2026-09-24T03:05:02+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	17ED7325FBEC88C829CFC03C14F2E293F5871E26
Thumbprint	C21F25C7F11D7FEA35C9F935F441902D3F3D9772

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	4
routing	20%	2	3
services	25%	2	3
ownership	29%	3	9
reputation	28%	1	3
geolocation	30%	2	3
Overall	27%	12	25

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-22 13:35:48 UTC
Last Seen	2026-06-28 19:30:42 UTC
Profile Built	2026-06-29 07:34:36 UTC
Data Freshness	Live
Signal Types	28
Total Observations	57

🔍 28 signal types · 57 observations collected

This report is generated from 28+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

165.227.163.170📋 Copy

**1. Core Profile**

**2. Observation History**

**3. Relationships**

**4. Neighborhood Analysis**

**5. Service & Technical Details**

**6. Recommendations**