# IP Intelligence Briefing: 167.99.107.57
Classification: Moderate Risk / Cloud Infrastructure
Report Date: Current
Risk Score: 40/100
## Executive Summary
IP 167.99.107.57 is a DigitalOcean cloud compute instance operating as a single-service host with SSH access enabled. The IP demonstrates moderate risk characteristics with DNSBL listings and geolocation validation anomalies. No persistent malicious activity observed.
## Technical Profile
Ownership & Routing:
- ASN: 14061 (DigitalOcean, LLC)
- BGP Prefix: 167.99.96.0/20
- Origin ASN: 14061 via AS2914 (NTT)
- Route Stability: Stable (zero changes in 30 days)
- RIR: ARIN (allocated 2012-09-25)
Geolocation:
- Reported Location: Santa Clara, CA, US
- Validation Status: GEOLOCATION IMPLAUSIBLE
- RTT Analysis: 88ms observed vs minimum 177.25ms required for claimed distance (8,863km)
- Distance Violation: RTT 88.0ms < minimum possible 177.25ms for 8863km
Network Services:
- Port 22/TCP (SSH): Open, SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13
- DNS Resolution: 5b5593d5a9.research-scanner.com (forward unconfirmed)
- Email Auth: SPF present, DMARC absent
Threat Indicators:
- DNSBL Listings: 2 of 8 lists
- Abuse Confidence: None reported
- Known Campaigns: None
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
## Neighborhood Analysis
Subnet: 167.99.107.57/24
- Abuse Density: 0 (mostly clean classification)
- Total Siblings: 1 (self only)
- Threat Siblings: 1
- Inherited Risk: 2
## Historical Observations
25 signal observations recorded. Routing and ASN assignments remain stable. Single threat observation detected. Geo validation inconsistencies persist across observations.
## Associated Entities
- Networks: 53 relationships identified, primarily DIGITALOCEAN-167-99-0-0
- Campaigns: None correlated
- Certificates: None associated
## Recommended Actions
Firewall Rules (Recommended for Risk Score 40):
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 167.99.107.57 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 167.99.107.57 drop` |
| nginx | `deny 167.99.107.57;` |
| pfSense | `167.99.107.57/32` |
| Cloudflare WAF | `{"description":"Block 167.99.107.57 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 167.99.107.57"}}` |
| AWS WAF | `{"Addresses":["167.99.107.57/32"],"Description":"IPDebrief risk 40"}` |
## SOC Analyst Assessment
This IP is a cloud-hosted service with a moderate risk posture. The geolocation implausibility suggests either misconfigured reporting or potential proxy usage. SSH exposure on a single-service host warrants attention but does not indicate active exploitation. The absence of persistent malicious signals, together with stable routing, indicates this is likely a legitimate cloud infrastructure endpoint with minor reputation issues. Monitor for escalation in DNSBL listings or SSH activity patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | 167.99.96.0/20 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | 5b5593d5a9.research-scanner.com |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | 5b5593d5a9.research-scanner.com |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 28% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 27% | 12 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-10 04:11:35 UTC |
| Last Seen | 2026-06-27 16:58:25 UTC |
| Profile Built | 2026-06-28 11:03:55 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 29 |