# IP Intelligence Briefing: 24.199.123.185/32
Classification: Low Risk / Cloud Infrastructure Host
Date: 2026-06-21
Intel Level: Standard SOC Monitoring
---
## Executive Summary
IP address 24.199.123.185 is classified as a low-risk cloud hosting endpoint operated by DigitalOcean, LLC. The asset presents a single-service host profile with no active threat indicators, no blacklist associations, and minimal neighborhood abuse density. The current risk score of 25 indicates acceptable operational risk for standard monitoring procedures.
---
## Ownership and Network Context
| Attribute | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | 14061 |
| Network Name | DIGITALOCEAN-24-199-64-0 |
| CIDR Block | 24.199.64.0/18 |
| RIR | ARIN |
| Region | California, Santa Clara |
| Country | United States (US) |

The IP resides within a DigitalOcean cloud infrastructure environment classified as single-service hosting. Control plane analysis confirms route stability with DNSSEC validation enabled.
---
## Network Services and Endpoints
Active Services:
- Port 22/tcp: SSH (OpenSSH_8.9p1 Ubuntu-3ubuntu0.15)
- DNS Resolution: No forward resolution or PTR records detected
- HTTP/HTTPS: No web services detected (null httpTitle, no TLS certificates)
- Email Authentication: SPF and DMARC records absent

The endpoint exhibits minimal service exposure, limited to standard SSH access for administrative purposes.
---
## Threat Intelligence Assessment
| Metric | Value |
|---|---|
| Risk Score | 25 (Low Risk) |
| Abuse Confidence Score | Not Applicable |
| Blacklist Count | 0 |
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Threat Indicators | None |
| Known Campaigns | None |

Assessment: The IP has no active threat indicators, no blacklist associations, and zero correlation with known malicious campaigns. A threat observation count of 1 with 0 threat persistence days indicates transient activity without established malicious behavior.
---
## Temporal Analysis and Signal History
Historical observation count: 19 signals across the monitoring period. Key temporal findings include:
- Ownership Stability: 0 ownership changes recorded
- Threat Persistence: 0 days of persistent malicious activity
- Classification Consistency: Cloud hosting classification maintained throughout observation window
- Abuse Density: Subnet 24.199.123.0/24 classified as "mostly_clean" with abuse density rating of 1
- Neighborhood Risk: Inherited risk score of 2 within peer subnet

No escalation trends detected in signal history. The IP maintains consistent low-risk classification across all observed time windows.
---
## Network Neighborhood Analysis
- Subnet: 24.199.123.0/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1

The /24 subnet demonstrates minimal abuse density with no adjacent high-risk neighbors detected. Peer IP analysis confirms the subnet operates within normal cloud infrastructure parameters.
---
## Recommended Actions
SOC Team:
- Continue standard monitoring; no immediate blocking required
- SSH port activity expected for legitimate cloud management
- Monitor for any sudden service additions or port enumeration

Firewall/Routing:
- No specific blocking rules recommended
- Standard cloud provider allow-listing applies
- Rate limiting on SSH port 22 if policy requires
---
## Conclusion
24.199.123.185 operates as a low-risk DigitalOcean cloud hosting endpoint with no active malicious indicators. The IP maintains consistent classification as single-service cloud infrastructure with minimal threat exposure. No immediate action required; maintain standard monitoring protocols.
Status: CLEAR FOR BUSINESS
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | DIGITALOCEAN-24-199-64-0 |
| CIDR Block | 24.199.64.0/18 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-06-07 07:50:14 UTC |
| Last Seen | 2026-06-29 15:53:55 UTC |
| Profile Built | 2026-06-29 15:57:02 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 21 |