167.99.142.36

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 167.99.142.36/32

## Executive Summary

IP 167.99.142.36 is a low-risk cloud hosting endpoint operated by DigitalOcean, LLC, located in Frankfurt am Main, Germany. The asset presents minimal immediate threat but warrants monitoring due to hostname associations with cyberresilience.io and one DNSBL listing.

## Asset Profile

Ownership & Infrastructure

Organization: DigitalOcean, LLC (ASN: 14061)
Infrastructure Type: CloudCompute (hosting infrastructure)
Location: Frankfurt am Main, Germany (DE)
CIDR Block: 167.99.128.0/20
BGP Prefix: 167.99.128.0/20

Risk Assessment

Overall Risk Score: 25 (Low Risk)
Provider Score: 0
Authority Score: 0
Reputation: Low Risk
Route Stability: False
DNSSEC: Valid

## Network Services & DNS

Open Ports & Services

Port 80/TCP: HTTP
Port 443/TCP: HTTPS
TLS Configuration: TLS 1.3, Cipher: TLS_AES_256_GCM_SHA384

DNS Resolution

PTR Record: portscanner-fra1-02.prod.cyberresilience.io
Forward Resolutions: broadcast1.provisionalweb.info
Associated Domain: omniconnectivity.online
TLS Certificate: Issued by Let's Encrypt, Subject: *.train.fr2301vk8s001.omniconnectivity.online
Email Authentication: SPF configured, DMARC absent

## Threat Indicators

Current Status

Blacklist Count: 0
DNSBL Listed: 1 of 8 lists
Tor Exit Node: False
Known Attacker: False
Spam Source: False
Active Threats: None identified

Threat Persistence

Observation Count: 1
Persistence Days: 0
Campaign Likelihood: None

## Historical Observations (26 total)

Recent signal history indicates:

2026-06-28: Cloud computing infrastructure classification confirmed (DigitalOcean, is_hosting: true)
2026-06-20: HTTPS connection attempts recorded; TLS certificate scanning activity; geolocation confirmed in Frankfurt am Main with 50+ threat pulse matches in historical feeds

## Subnet Neighborhood Analysis

Subnet: 167.99.142.36/24
Abuse Density: 1 (mostly_clean classification)
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
Inherited Risk: 2

## Relationships Graph (54 total)

DNS associations to portscanner-fra1-02.prod.cyberresilience.io (multiple entries)
Network associations to DIGITALOCEAN-167-99-0-0
Same network relationships within DigitalOcean infrastructure

## Recommended Actions

Based on the low-risk profile and minimal threat indicators, the following actions are recommended:

1. Monitor: Continue monitoring DNSBL status and threat feed updates

2. Allow: Permissive firewall rules acceptable for cloud hosting infrastructure

3. No Immediate Block: No active threats or attack patterns identified

4. Correlation: Investigate relationship to portscanner-fra1-02.prod.cyberresilience.io hostname for potential coordinated infrastructure

## Conclusion

This IP represents a legitimate cloud hosting asset with minimal risk exposure. The DNSBL listing and hostname associations warrant periodic review but do not indicate immediate threat. Standard monitoring protocols are sufficient for this asset.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	HE
City	Frankfurt am Main
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	portscanner-fra1-02.prod.cyberresilience.io
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`broadcast1.provisionalweb.info`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

CN=*.train.fr2301vk8s001.omniconnectivity.online

Issued by CN=E7, O=Let's Encrypt, C=US

Self-signed: No

SANs	*.train.fr2301vk8s001.omniconnectivity.online
Valid From	2026-05-23T06:19:58+00:00
Valid Until	2026-08-21T06:19:57+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	056FC422687CCE1F98B4CF023C4301C41470
Thumbprint	69BB38B3CFC1FBD6CD0ACF836219DD7B9B37AAE3

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	8%	1	1
services	34%	2	6
ownership	24%	2	3
reputation	26%	1	3
geolocation	21%	2	2
Overall	23%	10	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-16 20:59:49 UTC
Last Seen	2026-06-28 03:51:11 UTC
Profile Built	2026-06-28 21:56:05 UTC
Data Freshness	Live
Signal Types	22
Total Observations	29

🔍 22 signal types · 29 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

167.99.142.36📋 Copy