64.226.120.21

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# Intelligence Briefing: 64.226.120.21

Classification: Moderate Risk Infrastructure Node

Analysis Date: Current

Status: Active Cloud Host

## Executive Summary

IP address 64.226.120.21 is a DigitalOcean cloud infrastructure host located in Frankfurt am Main, Germany. The address presents a moderate risk profile (score: 40) with evidence of DNSBL listings (2/8 lists) but operates within a clean subnet environment with zero abuse density.

## Technical Profile

Ownership & Registration:

Organization: DigitalOcean, LLC (ASN 14061)
Location: Frankfurt am Main, Hesse, Germany
Infrastructure Type: Cloud Computing / Web Server
CIDR Block: 64.226.112.0/20

Network Services:

Open Ports: 22/SSH, 80/HTTP, 443/HTTPS
Server Banner: Apache/2.4.58 (Ubuntu)
TLS Certificate: Let's Encrypt (CN=farmacitrita.al)
Fingerprint: nginx/1.24.0

DNS Resolution:

PTR Hostname: farmaricritrita.al
Forward Resolution: Confirmed
Email Authentication: SPF and DMARC records absent

## Threat Intelligence

Risk Indicators:

DNSBL Listings: 2 out of 8 threat feeds (high severity noted)
Control Plane: Route instability detected (isRouteStable: false)
Operator Score: 0.2609 (Basic classification)
No active threat campaigns or known attacker associations

Historical Observations:

22 total signal observations recorded
Recent activity observed as of 2026-06-15
Cloud infrastructure consistently identified
No persistent malicious behavior patterns

## Relationship Graph

Associated Entities:

Primary DNS: farmaricritrita.al (31 relationship entries)
Network: DIGITALOCEAN-64-226-64-0
No certificate matches or correlated IPs detected

## Neighborhood Assessment

Subnet Analysis (64.226.120.21/24):

Abuse Density: 0 (Clean)
Threat Siblings: 0
Active Siblings: 1
Risk Distribution: Evenly distributed (no high/medium risk neighbors)

## SOC Recommendations

Allow/Block Decision: Monitor with logging recommended due to DNSBL listings.

Recommended Actions:

Block SSH port 22 from untrusted external networks
Implement rate limiting on HTTP/HTTPS ports
Add to monitoring dashboard for DNSBL listing correlation
Verify legitimacy of farmaricritrita.al domain ownership

Firewall Rule Template:

```

# Block SSH from non-trusted sources

iptables -A INPUT -p tcp --dport 22 -s <external_network> -j DROP

# Allow HTTPS with rate limiting

iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute -j ACCEPT

# Log and monitor DNSBL hits

iptables -A INPUT -p tcp --dport 80 -j LOG --log-prefix "[DNSBL-MONITOR] "

```

Threat Level: Moderate - Cloud hosting infrastructure with minor reputation issues. No immediate threat indicators requiring emergency response.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Hesse
City	Frankfurt am Main
Timezone	Europe/Berlin
Latitude	51.17
Longitude	10.45

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	farmacitrita.al
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`farmacitrita.al`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	Apache/2.4.58 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=farmacitrita.al

Issued by CN=E8, O=Let's Encrypt, C=US

Self-signed: No

SANs	farmacitrita.alwww.farmacitrita.al
Valid From	2026-04-24T04:54:56+00:00
Valid Until	2026-07-23T04:54:55+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	05BC84D04F154313B9FAAEF95993D91A14E0
Thumbprint	B14D0BD70F95DB83D368EBD86BD733C6EECB0310

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	8%	1	1
services	26%	2	4
ownership	24%	2	3
reputation	26%	1	3
geolocation	33%	2	3
Overall	24%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-19 03:36:48 UTC
Last Seen	2026-06-28 08:37:00 UTC
Profile Built	2026-06-29 02:43:10 UTC
Data Freshness	Live
Signal Types	23
Total Observations	27

🔍 23 signal types · 27 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

64.226.120.21📋 Copy