# IP Intelligence Briefing: 167.71.195.2/32
Classification: LOW RISK β’ Last Updated: 2026-06-22
IP Address: 167.71.195.2
ASN: 14061 (DigitalOcean, LLC)
---
## Executive Summary
The IP address 167.71.195.2 is a DigitalOcean cloud infrastructure endpoint located in Singapore. Current risk assessment indicates low threat activity with a risk score of 25. The IP operates as a cloud compute host with standard web and SSH services. No active malicious indicators or threat campaigns were detected during analysis.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | DigitalOcean, LLC |
| **ASN** | 14061 |
| **Location** | Singapore (SG) |
| **Infrastructure Type** | Cloud Compute (Hosting) |
| **Classification** | Cloud Hosting Provider |
| **Risk Score** | 25 (Low Risk) |
| **Abuse Confidence** | Not Available |
## Network Services
Open ports identified during passive scanning:
- Port 80/TCP: HTTP
- Port 443/TCP: HTTPS
- Port 22/TCP: SSH (OpenSSH 8.9p1 Ubuntu-3ubuntu0.15)
TLS Certificate analysis reveals a self-signed TRAEFIK certificate with SANs pointing to internal Traefik routing configuration. No external domain associations detected.
---
## Threat Indicators
No malicious threat indicators were identified:
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 1 (minor listing)
- Known Campaigns: None
---
## Neighborhood Assessment
Subnet: 167.71.195.2/24
- Abuse Density: 0.5 (Low)
- Classification: Mostly Clean
- Total Siblings: 2
- Active Siblings: 1
- Threat Siblings: 1
Neighbor Analysis: One adjacent IP (167.71.195.101) shows elevated risk scoring (50), suggesting potential localized activity within the subnet. However, the target IP itself maintains clean classification.
---
## Relationship Graph
The IP maintains 35 relationship associations, predominantly same-network links to DigitalOcean infrastructure. No cross-network, organizational, or certificate-based relationships indicate broader attack infrastructure associations.
---
## Historical Observations
Analysis of 20 historical observations (through 2026-06-22) demonstrates consistent geolocation reporting from Singapore. No significant changes in threat posture, infrastructure classification, or risk indicators observed over the observation period. The IP exhibits stable ownership and classification characteristics.
---
## Recommended Actions
No immediate mitigation actions are recommended based on current risk profile. However, SOC analysts should:
1. Monitor: Maintain observation on the IP for any sudden risk score increases
2. Review Neighbor Activity: Investigate adjacent IP 167.71.195.101 (risk score 50) if threat indicators emerge
3. Baseline: Establish normal traffic patterns for DigitalOcean cloud endpoints in the 167.71.195.0/24 subnet
---
Analyst Notes: This IP represents standard cloud infrastructure with no actionable threat intelligence. The single DNSBL listing and one flagged neighbor IP warrant routine monitoring but do not indicate immediate malicious activity from this specific endpoint.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | Apache |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
π TLS Certificate
| SANs | 6429fe1453f098f1cdb850ebe4f64d8b.ac213a3708a585216fc1fa4e7c827f0a.traefik.default |
| Valid From | 2026-05-30T13:20:27+00:00 |
| Valid Until | 2027-05-30T13:20:27+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 008B93FF28152307EE2B81D911F78D169C |
| Thumbprint | AE3FD993529E6C4E4A982237D2C5B96708DDCA5C |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:03:52 UTC |
| Last Seen | 2026-06-27 01:35:52 UTC |
| Profile Built | 2026-06-27 23:43:08 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 26 |
Full dossier details are available via our API.