64.226.127.28

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 64.226.127.28/32

Date: 2026-06-27

Classification: Moderate Risk - Cloud Infrastructure

## EXECUTIVE SUMMARY

IP address 64.226.127.28 is a DigitalOcean cloud-hosted web server located in Frankfurt am Main, Germany. The asset presents moderate risk primarily due to DNSBL listings (2 of 8 lists) without evidence of active malicious behavior. The subnet demonstrates clean classification with zero abuse density. No known threat campaigns or attacker associations identified.

## OWNERSHIP & INFRASTRUCTURE

Attribute	Value
Provider	DigitalOcean, LLC
ASN	14061
Network	64.226.112.0/20
Location	Frankfurt am Main, Hesse, Germany (DE)
Infrastructure	Cloud (DigitalOcean)
Registration	ARIN

## NETWORK SIGNATURE & SERVICES

Web Server: nginx with HTTP/2.0 support enabled
Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH)
TLS Certificate: Self-signed certificate for 64.226.127.28
HTTP Status: 404 (Not Found)
Security Headers: HSTS not present, CSP not configured
Response Time: 370ms (TTFB)

## THREAT INDICATORS

Risk Score: 40 (Moderate)
DNSBL Listings: 2 of 8 lists
Known Attacker: No
Tor Exit Node: No
Spam Source: No
Active Threat Indicators: None
Campaign Associations: None detected

## TEMPORAL ANALYSIS

Observation History: 24 total observations collected

Most Recent Signal: 2026-06-27T14:45:11 UTC
Subnet Classification: Clean (abuse density: 0)
Threat Persistence: 0 days
Ownership Changes: 0 recorded
Threat Trend: Stable/No escalation detected

## NETWORK CONTEXT

Subnet Analysis (64.226.127.0/24):

Abuse Density: 0 (clean)
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 0
Inherited Risk: 0

Relationship Graph: 61 relationships identified, primarily same-network associations with DIGITALOCEAN-64-226-64-0 network. No organizational or hostname relationships linked.

## SECURITY POSTURE ASSESSMENT

DNSSEC Valid: Yes
CAA Records: Present
BGP Prefix Stability: False (route changes detected)
MoAS: No
IRP Consistency: Not evaluated

## RECOMMENDED ACTIONS

Based on the moderate risk profile and DNSBL listings:

1. Monitor: Continue monitoring for escalation in threat signals

2. Block Consideration: Evaluate DNSBL listing sources (2 lists) - consider temporary block if traffic is from blocked sources

3. SSH Access: Block TCP/22 if not required by organizational policy

4. Certificate Validation: Self-signed certificate detected - verify authenticity if accessing this service

5. Rate Limiting: Implement rate limiting for web traffic given cloud hosting context

## CONCLUSION

This IP represents standard cloud infrastructure with moderate risk primarily from DNSBL presence. No active threat indicators or malicious behavior observed. The clean subnet environment suggests this is likely benign hosting infrastructure. SOC analysts should monitor for any changes in threat profile while maintaining standard cloud security posture controls.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇩🇪 Germany
Region	Hesse
City	Frankfurt am Main
Timezone	Europe/Berlin
Latitude	50.12
Longitude	8.68

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

Cloud

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.9
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.9

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=64.226.127.28

Issued by CN=64.226.127.28

Self-signed: Yes

SANs	None
Valid From	2026-06-01T15:36:46+00:00
Valid Until	2036-05-29T15:36:46+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	3650 days
Serial Number	1AB8A154342CDBE18BC0193C81B62C073EDB6057
Thumbprint	24E83201AD2A83DDF4E5448EDE7E6E2AF88ADD74

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	25%	2	4
routing	8%	1	1
services	25%	2	4
ownership	20%	2	3
reputation	27%	1	3
geolocation	23%	2	2
Overall	21%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: US, DE

📅 Observation Timeline 🔄 Live

First Seen	2026-05-08 23:18:44 UTC
Last Seen	2026-06-27 14:44:54 UTC
Profile Built	2026-06-28 08:49:24 UTC
Data Freshness	Live
Signal Types	22
Total Observations	28

🔍 22 signal types · 28 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

64.226.127.28📋 Copy