# IP Intelligence Briefing: 167.172.66.94
## Executive Summary
This IP address operates as a cloud infrastructure endpoint within the DigitalOcean network. The profile indicates minimal threat posture with a risk score of 25 (Low Risk). No active malicious indicators, campaigns, or persistent threat behavior were detected. The IP serves as a standard multi-service host in a Singapore-based cloud environment.
---
## Infrastructure Profile
Ownership & Classification
- ASN: 14061 (DigitalOcean, Inc.)
- Organization: DigitalOcean
- Infrastructure Type: CloudCompute
- Network Role: Multi-Service Host, Cloud Infrastructure
- CIDR Block: 167.172.64.0/20
- BGP Prefix: 167.172.64.0/20
Geolocation
- Country: Singapore (SG)
- Coordinates: 1.35°N, 103.82°E
- Timezone: Asia/Singapore
- Accuracy Radius: 45 km
- RTT: 238ms average (validated geolocation)
---
## Service Exposure
Open Ports & Services
| Port | Protocol | Service | Notes |
|---|---|---|---|
| 80 | TCP | HTTP | Web traffic |
| 22 | TCP | SSH | Remote access |
HTTP Fingerprint
- Server: nginx/1.24.0 (Ubuntu)
- Status Code: 404 (Not Found)
- Security Headers: HSTS enabled, CSP present, Referrer Policy configured
- HTTP Version: 1.1
---
## Threat Assessment
Risk Metrics
- Overall Risk Score: 25 (Low)
- Provider Score: 0
- Authority Score: 0
- Abuse Confidence Score: N/A
- Operator Score: 0.1304 (Minimal)
Malicious Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- Known Campaigns: None
Control Plane Signals
- DNSBL Listed: 1 of 8 lists
- Route Changes (30d): 0
- Route Stability: Unstable
- DNSSEC Validation: Valid
---
## Neighborhood Analysis
Subnet: 167.172.66.94/24
- Abuse Density: 0
- Classification: mostly_clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Inherited Risk: 2
The subnet exhibits minimal abuse density with one active sibling showing threat signals. No high-risk neighbors were identified.
---
## Historical Observations
Observation Count: 23 signals recorded
- Latest Observation: 2026-06-28T17:13:54
- Threat Persistence: 0 days
- Ownership Changes: 0
- Signal Confidence: Variable (0.23–0.90)
Historical data shows consistent cloud infrastructure behavior with no escalation in threat activity. One threat observation recorded without evidence of persistent malicious use.
---
## Relationship Graph
Connected Entities: 22 relationships
- All relationships classified as "Same Network" (DigitalOcean)
- No external threat actor associations
- No certificate or domain relationships
---
## Recommended Actions
Security Posture: No immediate action required
- No firewall rules recommended
- No blocking actions advised
- Risk profile indicates benign cloud infrastructure
Monitoring Recommendations
- Monitor DNSBL listing status (1 of 8 lists)
- Track route stability changes
- Observe subnet-level threat activity
- Standard cloud infrastructure monitoring applies
---
## Intelligence Narrative
IP 167.172.66.94 operates as a standard DigitalOcean cloud infrastructure endpoint based in Singapore. The address presents minimal security concern with a risk score of 25. Open services include HTTP and SSH, typical for cloud hosting environments. No malicious indicators, known attacker associations, or campaign correlations were identified. The subnet environment remains clean with low abuse density. The single DNSBL listing represents minor concern but does not indicate active malicious activity. Standard defensive monitoring practices apply. No immediate blocking or mitigation actions are warranted.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | – |
| CIDR Block | – |
| RIR | ARIN |
| Country | – |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No – PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting – Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | – |
| 22 | ssh | tcp | |

| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | – |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | – |
| Valid Until | – |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 03:08:46 UTC |
| Last Seen | 2026-06-28 17:14:01 UTC |
| Profile Built | 2026-06-29 05:15:30 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |