INTELLIGENCE BRIEFING: 167.172.133.108
Classification: LOW RISK / INFORMATIONAL
Date of Analysis: [Current Date]
Analyst: SOC Operations
---
EXECUTIVE SUMMARY
IP address 167.172.133.108 is a DigitalOcean cloud infrastructure endpoint with a low risk profile (Risk Score: 25/100). The IP is associated with legitimate cloud computing infrastructure in North Bergen, NJ, US, showing minimal threat indicators and standard cloud provider characteristics. No malicious campaigns or persistent attacker activity detected.
---
NETWORK OWNERSHIP & GEOLOCATION
- Organization: DigitalOcean (ASN: 14061)
- Network: 167.172.0.0/16 (DigitalOcean Cloud Compute)
- Location: North Bergen, New Jersey, United States
- Infrastructure Type: Cloud Compute (Single-Service Host)
- ISP Classification: Cloud Provider / Hosting
---
THREAT ASSESSMENT
Overall Risk Score: 25 (Low Risk)
Reputation: Low Risk
Threat Indicators:
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Known Campaigns: None
DNSBL Status: Listed on 1 of 8 threat feeds (dnsblListedCount: 1)
---
DNS & HOSTNAME ANALYSIS
- PTR Record: prod-bromine-nyc1-192.do.binaryedge.ninja
- Reverse DNS: Confirmed (1 hostname)
- Domain: binaryedge.ninja
- Email Authentication: SPF: Yes | DMARC: No
- DNSSEC: Valid
---
SERVICE FINGERPRINTING
Open Ports:
- Port 22/tcp: SSH (OpenSSH_8.9p1 Ubuntu-3ubuntu0.15)
No HTTP/HTTPS services detected. Single-SSH host profile consistent with cloud infrastructure management endpoints.
---
NEIGHBORHOOD ANALYSIS (167.172.133.0/24)
- Abuse Density: 1 (mostly_clean)
- Total Sibling IPs: 2
- Active Siblings: 1
- Threat Siblings: 2
- Neighboring IP: 167.172.133.85 (Risk Score: 25)
Assessment: Subnet shows minimal abuse density. Neighbor 167.172.133.85 maintains similar low-risk profile.
---
TEMPORAL OBSERVATIONS
Total Historical Observations: 22
Threat Observation Count: 1
Threat Persistence Days: 0
Ownership Changes: 0
Key Historical Signals:
- 2026-06-21: Control plane signals (operator_score: 0.2609)
- 2026-06-16: Subnet classification (mostly_clean, inherited_risk: 5)
- 2026-06-16: Routing and threat signals (no attacker indicators)
---
NETWORK RELATIONSHIPS
- Primary Association: DigitalOcean (19 relationships)
- DNS Associations: prod-bromine-nyc1-192.do.binaryedge.ninja (6 associations)
- Campaign Correlations: None detected
---
SECURITY RECOMMENDATIONS
Current Risk Level: LOW
Action Required: Standard monitoring
No immediate blocking or mitigation actions recommended. The IP exhibits characteristics of legitimate cloud infrastructure:
1. Firewall Policy: Allow standard SSH traffic if operational requirements exist
2. Monitoring: Continue standard traffic logging and anomaly detection
3. Blocklisting: Not recommended based on current risk profile
4. Geolocation: No geo-blocking required (legitimate US-based cloud provider)
Note: This IP is part of DigitalOcean's binaryedge.ninja infrastructure, which may be used for legitimate security tooling and monitoring services.
---
CONCLUSION
IP 167.172.133.108 represents low-risk cloud infrastructure with no evidence of malicious activity. The IP maintains consistent ownership history and standard cloud provider characteristics. No defensive action required beyond routine network monitoring.
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | DigitalOcean |
| CIDR Block | 167.172.0.0/16 |
| RIR | ARIN |
| Country | US |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | prod-bromine-nyc1-192.do.binaryedge.ninja |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | prod-bromine-nyc1-192.do.binaryedge.ninja |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-03 12:21:03 UTC |
| Last Seen | 2026-06-21 10:14:39 UTC |
| Profile Built | 2026-06-21 10:20:46 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |