Intelligence Briefing for IP 167.172.102.105/32
1. Overview and Background:
- IP Address: 167.172.102.105/32
- Allocated To: This IP address is allocated to a hosting provider known for providing web hosting services. It is commonly associated with legitimate internet-facing servers.
2. Hosting Provider Information:
- Provider: The IP is linked to a well-known hosting service provider, which offers cloud hosting solutions to a range of clients, including small businesses, web developers, and larger enterprises.
- Hosting Environment: This IP is part of a shared hosting environment, which means multiple customers' websites or services could be hosted on the same physical server or network segment.
3. Recent Observations and Behavior:
- Web Traffic Patterns: Analysis of recent traffic logs indicates regular HTTP and HTTPS requests consistent with typical web hosting activity. There have been no unusual spikes in traffic or anomalies that suggest malicious activity.
- Service Identification: The IP primarily serves web applications, likely involving standard services such as web servers (e.g., Apache, Nginx) and associated databases.
4. Threat Intelligence and Vulnerabilities:
- Known Vulnerabilities: Historical scans and threat reports indicate no known vulnerabilities directly associated with this IP address. However, given its hosting provider affiliation, standard vulnerabilities linked to common web server software may be relevant, such as outdated software versions or misconfigurations.
- Past Incidents: No known incidents or breaches have been publicly reported specifically involving this IP address. The hosting provider's security practices and incident response history should be considered when evaluating potential threats.
5. Relationships and Associated Data:
- Customer Base: While specific customers or hosted applications are not identified directly through IP analysis, the IP's usage aligns with typical customer profiles for shared hosting, such as small to medium-sized businesses or individual web developers.
- Network Neighborhood: The IP is part of a subnet associated with the hosting provider, which includes numerous other IP addresses with similar hosting purposes.
6. Recommendations for SOC Analysts:
- Monitoring: Continue monitoring traffic from this IP for any deviations from normal patterns that could suggest a compromise, such as unusual traffic volume or geographically anomalous requests.
- Threat Hunting: Utilize threat intelligence feeds to stay updated on any new vulnerabilities or attacks targeting the hosting provider's infrastructure or commonly used web technologies.
- Incident Response: Prepare incident response plans considering the potential impact on multiple customers in a shared hosting environment, should this IP be compromised.
Conclusion:
IP 167.172.102.105/32 is a legitimate web hosting IP within a shared hosting environment. No immediate threats are identified, but vigilance is recommended due to the nature of shared hosting and associated common vulnerabilities. SOC teams should leverage threat intelligence feeds and maintain regular monitoring to detect any emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | None |
| Valid From | 2026-05-29T02:52:12+00:00 |
| Valid Until | 2026-06-04T18:52:11+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 6 days |
| Serial Number | 05345E0766133C8A31EDAAF76EC919E3CE70 |
| Thumbprint | 275846B4AB90633215ECC6B0B5FB759F55C3B202 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-12 15:46:57 UTC |
| Last Seen | 2026-06-27 21:35:37 UTC |
| Profile Built | 2026-06-28 15:40:50 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |