167.172.18.255

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING: 167.172.18.255/32

Classification: Low Risk Cloud Infrastructure Node

Ownership & Network Data

IP 167.172.18.255 is assigned to DigitalOcean (ASN 14061) within the 167.172.0.0/16 CIDR block. Geolocation data indicates United States, New Jersey (Clifton) with 2500km accuracy radius. Network classification identifies this as a cloud compute host (DigitalOcean infrastructure).

Risk Assessment

Overall risk score: 25/100 (Low Risk). Abuse confidence score not available. DNSBL listing confirmed on 1 of 8 total lists. Operator score 0.1304 labeled "Minimal." No active threat indicators detected. No known campaigns, not classified as Tor exit node, known attacker, or spam source.

Service & DNS Analysis

Open ports reveal SSH service (TCP/22, OpenSSH 9.9p1 Ubuntu-3ubuntu3.1). No TLS certificates, HTTP services, or reverse DNS records observed. No email authentication (SPF/DMARC) configured for any associated domains. Forward resolution count: 0. PTR hostnames: None.

Observation History

Total observations: 18 signals recorded. Most recent activity: 2026-06-21. Historical data shows 1 threat observation recorded. Geo-validation anomalies detected: claimed geolocation in US contradicts RTT measurements (22-28ms vs 119.4ms minimum possible for 5968km distance). This indicates potential geolocation spoofing or probe location mismatch.

Relationship Analysis

Twelve relationship records identified, all mapping to "Same Network" entities within DigitalOcean infrastructure. No external organizational, certificate, or hostname relationships established.

Neighborhood Assessment

Subnet 167.172.18.255/24 shows abuse density classification of "mostly_clean" with inherited risk level of 2. Subnet contains 1 total sibling with 1 active sibling. 1 threat sibling identified. No high or medium risk neighbors detected.

Actionable Intelligence

Monitor for SSH brute force attempts on port 22
DNSBL listing warrants review but does not indicate elevated threat
Geographic inconsistency suggests potential data manipulation; validate via independent geolocation methods
Low overall risk profile supports continued monitoring without immediate blocking
No immediate firewall rules recommended based on current threat profile

Conclusion

This DigitalOcean cloud instance presents minimal threat indicators. The IP operates as a standard cloud compute host with SSH access enabled. While geolocation data shows anomalies and a single DNSBL listing exists, the overall risk posture remains low. Continued passive monitoring is appropriate.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NJ
City	Clifton
Timezone	—
Latitude	40.84
Longitude	-74.14

🏢 Ownership & Registration

Organization	digitalocean
ASN	AS14061
Network Name	DigitalOcean
CIDR Block	167.172.0.0/16
RIR	ARIN
Country	US
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.1
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.9p1 Ubuntu-3ubuntu3.1

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	31%	2	4
routing	8%	1	1
services	15%	2	2
ownership	27%	2	3
reputation	26%	1	3
geolocation	40%	2	3
Overall	25%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-26 06:50:20 UTC
Last Seen	2026-06-29 02:45:47 UTC
Profile Built	2026-06-29 08:48:14 UTC
Data Freshness	Live
Signal Types	20
Total Observations	21

🔍 20 signal types · 21 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

167.172.18.255📋 Copy