128.199.221.212
# IP INTELLIGENCE BRIEFING
Target IP: 128.199.221.212/32
Date: 2026-06-14
Classification: Moderate Risk
---
## EXECUTIVE SUMMARY
IP 128.199.221.212 is a DigitalOcean cloud host located in Singapore operating as a web server. The address carries a moderate risk score of 50, with evidence of DNS blacklist activity and minimal operator reputation. The IP is hosted on cloud infrastructure and resolves to the domain codes.hla-integrated.com. No active threat campaigns or known attacker indicators were identified.
---
## OWNERSHIP & INFRASTRUCTURE
- ASN: 14061 (DigitalOcean)
- Organization: DigitalOcean
- Infrastructure Type: CloudCompute
- CIDR Block: 128.199.192.0/18
- Geolocation: Singapore (SG) β *Note: Geolocation validation flagged as implausible*
- BGP Route Stability: False (route changes observed within 30 days)
---
## NETWORK SERVICES & DNS
Open Ports:
- TCP/443 (HTTPS) β nginx web server
- TCP/22 (SSH) β OpenSSH 8.2p1 Ubuntu
DNS Resolution:
- PTR Hostname: codes.hla-integrated.com
- Domain: hla-integrated.com
- Forward Confirmed: No
- TLS Certificate: Let's Encrypt (R13) issued for codes.hla-integrated.com
Security Posture:
- HSTS Enabled: Yes
- CSP Header: No
- DNSSEC Valid: Yes
---
## THREAT INDICATORS
| Metric | Value |
|---|---|
| Risk Score | 50 (Moderate) |
| Abuse Confidence | Not Calculated |
| Blacklist Count | 2 |
| Operator Score | 0.1304 (Minimal) |
| Known Attacker | No |
| Tor Exit Node | No |
| Campaign Matches | 0 |
Control Plane:
- DNSBL Listed: 2 of 8 total lists
- RPKI State: Not Available
- IRR Consistency: Not Available
---
## HISTORICAL OBSERVATIONS
Total Observations: 25 signals collected
- Recent Activity (2026-06-14):
- Cloud infrastructure classification confirmed (DigitalOcean)
- DNS blacklist activity detected with high severity listings
- Operator score assessments completed
- Persistence: No persistent malicious behavior observed
---
## NEIGHBORHOOD ANALYSIS
Subnet: 128.199.221.212/24
- Abuse Density: 1 (elevated)
- Classification: Mostly Clean
- Threat Siblings: 1 identified
- Active Siblings: 1
The subnet shows minimal but present abuse activity, with one related IP flagged as a threat sibling.
---
## RELATIONSHIP GRAPH
- Total Relationships: 58
- Primary Connections: Same Network (DigitalOcean) β 53+ relationships
- Linked Entities: Network-level associations with DigitalOcean infrastructure
---
## RECOMMENDED ACTIONS
Firewall Rules (High Priority)
```bash
# iptables
iptables -A INPUT -s 128.199.221.212 -j DROP
# nftables
nft add rule inet filter input ip saddr 128.199.221.212 drop
```
Web Application Firewall
```nginx
# nginx
deny 128.199.221.212;
# Cloudflare WAF
{"description":"Block 128.199.221.212 β IPDebrief risk score 50", "action":"block", "filter":{"expression":"ip.src eq 128.199.221.212"}}
```
AWS WAF
```json
{"Addresses":["128.199.221.212/32"],"Description":"IPDebrief risk 50"}
```
---
## SOC ANALYST NOTES
1. Block Decision: Recommended due to DNS blacklist activity and moderate risk score
2. Geolocation Warning: Singapore assignment flagged as implausible β verify actual location
3. Domain Investigation: codes.hla-integrated.com warrants additional scrutiny
4. Monitoring: Track for any escalation in abuse density within the /24 subnet
5. False Positive Consideration: Legitimate hosting environment β consider allowing if traffic appears benign
---
Report Generated: IPDebrief Intelligence Platform
Confidence Level: Moderate
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | codes.hla-integrated.com |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | codes.hla-integrated.com |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13 |
π TLS Certificate
| SANs | codes.hla-integrated.com |
| Valid From | 2026-05-01T02:02:34+00:00 |
| Valid Until | 2026-07-30T02:02:33+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 06E2EA7686CE6BD4DB9C0C09066553402C94 |
| Thumbprint | 95EF140A636512C7989006A02F5490EBD9CA256B |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 25% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-13 19:03:43 UTC |
| Last Seen | 2026-06-27 23:36:36 UTC |
| Profile Built | 2026-06-28 23:41:53 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |
Full dossier details are available via our API.