# IP INTELLIGENCE BRIEFING
Target: 64.226.127.28/32
Date: 2026-06-27
Classification: Moderate Risk - Cloud Infrastructure
## EXECUTIVE SUMMARY
IP address 64.226.127.28 is a DigitalOcean cloud-hosted web server located in Frankfurt am Main, Germany. The asset presents moderate risk primarily due to DNSBL listings (2 of 8 lists) without evidence of active malicious behavior. The subnet demonstrates clean classification with zero abuse density. No known threat campaigns or attacker associations identified.
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Provider** | DigitalOcean, LLC |
| **ASN** | 14061 |
| **Network** | 64.226.112.0/20 |
| **Location** | Frankfurt am Main, Hesse, Germany (DE) |
| **Infrastructure** | Cloud (DigitalOcean) |
| **Registration** | ARIN |
## NETWORK SIGNATURE & SERVICES
- Web Server: nginx with HTTP/2.0 support enabled
- Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH)
- TLS Certificate: Self-signed certificate for 64.226.127.28
- HTTP Status: 404 (Not Found)
- Security Headers: HSTS not present, CSP not configured
- Response Time: 370ms (TTFB)
## THREAT INDICATORS
- Risk Score: 40 (Moderate)
- DNSBL Listings: 2 of 8 lists
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Active Threat Indicators: None
- Campaign Associations: None detected
## TEMPORAL ANALYSIS
Observation History: 24 total observations collected
- Most Recent Signal: 2026-06-27T14:45:11 UTC
- Subnet Classification: Clean (abuse density: 0)
- Threat Persistence: 0 days
- Ownership Changes: 0 recorded
- Threat Trend: Stable/No escalation detected
## NETWORK CONTEXT
Subnet Analysis (64.226.127.0/24):
- Abuse Density: 0 (clean)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 0
- Inherited Risk: 0
Relationship Graph: 61 relationships identified, primarily same-network associations with DIGITALOCEAN-64-226-64-0 network. No organizational or hostname relationships linked.
## SECURITY POSTURE ASSESSMENT
- DNSSEC Valid: Yes
- CAA Records: Present
- BGP Prefix Stability: False (route changes detected)
- MoAS: No
- IRP Consistency: Not evaluated
## RECOMMENDED ACTIONS
Based on the moderate risk profile and DNSBL listings:
1. Monitor: Continue monitoring for escalation in threat signals
2. Block Consideration: Evaluate DNSBL listing sources (2 lists) - consider temporary block if traffic is from blocked sources
3. SSH Access: Block TCP/22 if not required by organizational policy
4. Certificate Validation: Self-signed certificate detected - verify authenticity if accessing this service
5. Rate Limiting: Implement rate limiting for web traffic given cloud hosting context
## CONCLUSION
This IP represents standard cloud infrastructure with moderate risk primarily from DNSBL presence. No active threat indicators or malicious behavior observed. The clean subnet environment suggests this is likely benign hosting infrastructure. SOC analysts should monitor for any changes in threat profile while maintaining standard cloud security posture controls.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.9 |
๐ TLS Certificate
| SANs | None |
| Valid From | 2026-06-01T15:36:46+00:00 |
| Valid Until | 2036-05-29T15:36:46+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 3650 days |
| Serial Number | 1AB8A154342CDBE18BC0193C81B62C073EDB6057 |
| Thumbprint | 24E83201AD2A83DDF4E5448EDE7E6E2AF88ADD74 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 25% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 21% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-08 23:18:44 UTC |
| Last Seen | 2026-06-27 14:44:54 UTC |
| Profile Built | 2026-06-28 08:49:24 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |
Full dossier details are available via our API.