# Intelligence Briefing: 64.226.120.21
Classification: Moderate Risk Infrastructure Node
Analysis Date: Current
Status: Active Cloud Host
## Executive Summary
IP address 64.226.120.21 is a DigitalOcean cloud infrastructure host located in Frankfurt am Main, Germany. The address presents a moderate risk profile (score: 40) with evidence of DNSBL listings (2/8 lists) but operates within a clean subnet environment with zero abuse density.
## Technical Profile
Ownership & Registration:
- Organization: DigitalOcean, LLC (ASN 14061)
- Location: Frankfurt am Main, Hesse, Germany
- Infrastructure Type: Cloud Computing / Web Server
- CIDR Block: 64.226.112.0/20
Network Services:
- Open Ports: 22/SSH, 80/HTTP, 443/HTTPS
- Server Banner: Apache/2.4.58 (Ubuntu)
- TLS Certificate: Let's Encrypt (CN=farmacitrita.al)
- Fingerprint: nginx/1.24.0
DNS Resolution:
- PTR Hostname: farmaricritrita.al
- Forward Resolution: Confirmed
- Email Authentication: SPF and DMARC records absent
## Threat Intelligence
Risk Indicators:
- DNSBL Listings: 2 out of 8 threat feeds (high severity noted)
- Control Plane: Route instability detected (isRouteStable: false)
- Operator Score: 0.2609 (Basic classification)
- No active threat campaigns or known attacker associations
Historical Observations:
- 22 total signal observations recorded
- Recent activity observed as of 2026-06-15
- Cloud infrastructure consistently identified
- No persistent malicious behavior patterns
## Relationship Graph
Associated Entities:
- Primary DNS: farmaricritrita.al (31 relationship entries)
- Network: DIGITALOCEAN-64-226-64-0
- No certificate matches or correlated IPs detected
## Neighborhood Assessment
Subnet Analysis (64.226.120.21/24):
- Abuse Density: 0 (Clean)
- Threat Siblings: 0
- Active Siblings: 1
- Risk Distribution: Evenly distributed (no high/medium risk neighbors)
## SOC Recommendations
Allow/Block Decision: Monitor with logging recommended due to DNSBL listings.
Recommended Actions:
- Block SSH port 22 from untrusted external networks
- Implement rate limiting on HTTP/HTTPS ports
- Add to monitoring dashboard for DNSBL listing correlation
- Verify legitimacy of farmaricritrita.al domain ownership
Firewall Rule Template:
```
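# Block SSH from non-trusted sources (replace <external_network> with the source CIDR)
iptables -A INPUT -p tcp --dport 22 -s <external_network> -j DROP
# Allow new HTTPS connections up to the rate limit
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 25/minute -j ACCEPT
# Drop new HTTPS connections above the limit; under a default ACCEPT policy the limit has no effect without this rule
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j DROP
# Log HTTP traffic for correlation with DNSBL listings
iptables -A INPUT -p tcp --dport 80 -j LOG --log-prefix "[DNSBL-MONITOR] "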
```
Threat Level: Moderate - Cloud hosting infrastructure with minor reputation issues. No immediate threat indicators requiring emergency response.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | farmacitrita.al |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | farmacitrita.al |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache/2.4.58 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| SANs | farmacitrita.al, www.farmacitrita.al |
| Valid From | 2026-04-24T04:54:56+00:00 |
| Valid Until | 2026-07-23T04:54:55+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 05BC84D04F154313B9FAAEF95993D91A14E0 |
| Thumbprint | B14D0BD70F95DB83D368EBD86BD733C6EECB0310 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-19 03:36:48 UTC |
| Last Seen | 2026-06-28 08:37:00 UTC |
| Profile Built | 2026-06-29 02:43:10 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |