# IP Intelligence Briefing: 128.199.225.7/32
Date: 2026-06-25
Classification: Cloud Infrastructure IP
Status: Moderate Risk Assessment
---
## EXECUTIVE SUMMARY
IP 128.199.225.7 is a DigitalOcean cloud compute instance (ASN 14061) registered to the US RIR ARIN. The IP presents a moderate risk score of 50, primarily driven by DNS blacklist associations. The address shows no active threat indicators, is not a Tor exit node, and the /24 subnet demonstrates clean classification with zero abuse density.
---
## NETWORK OWNERSHIP & GEOLOCATION
- Organization: DigitalOcean, LLC
- ASN: 14061 (DigitalOcean)
- BGP Prefix: 128.199.192.0/18
- Registered RIR: ARIN
- Geolocation: Singapore (SG); geo consensus confirmed across 1 source
- Infrastructure Type: CloudCompute provider
- Network Role: Firewalled / No Services detected
---
## THREAT ASSESSMENT
- Overall Risk Score: 50 (Moderate Risk)
- Abuse Confidence Score: Not calculated
- Threat Indicators: None detected
- Known Campaigns: None identified
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
- Blacklist Status: 2 of 8 DNSBL lists (severity: high)
- Operator Score: 0.2174 (Minimal)
- MOAS Classification: False
- Route Stability: Stable (no route changes in 30 days)
---
## NETWORK BEHAVIOR & SERVICES
- Open Ports: None detected
- TLS Certificate: None
- HTTP Service: None
- DNS PTR Records: None
- Forward Resolution: Not confirmed
- HSTS/CSP Headers: Absent
- WAF Violations: 0
---
## OBSERVATION HISTORY (27 Total Observations)
- Latest Classification: Clean subnet (128.199.225.7/24)
- Abuse Density: 0 (neighborhood)
- Threat Persistence: Not persistently malicious
- Ownership Changes: 0
- Historical DNSBL: 2 listings confirmed (high severity)
- Geolocation Signals: Mixed. Singapore consensus; multi-signal inference indicated US coordinates (39.83, -98.58) with low confidence (0.28)
---
## RELATIONSHIP ANALYSIS
- Total Relationships: 47
- Primary Associations: DigitalOcean network infrastructure
- Related Networks: Multiple DigitalOcean subnets identified
- Certificate Matches: 0
- Correlated IPs: 0
---
## NEIGHBORHOOD ANALYSIS (128.199.225.7/24)
- Subnet Classification: Clean
- Active Siblings: 1
- Total Siblings: 1
- Threat Siblings: 0
- Inherited Risk: 0
- Abuse Density: 0
- Risk Distribution: High: 0, Medium: 0, Low: 0
---
## CONTROL PLANE DATA
- Origin ASN: 14061
- AS Path: 6939 14061
- RPKI State: Not evaluated
- IRR Consistency: Not evaluated
- DNSSEC Valid: Yes
- CAA Records: Present
- Delegation Age: 4,981 days (~13.6 years)
- Hop Count: 13
- Transit Networks: Comcast, Lumen
---
## SOC ACTIONABLE INTELLIGENCE
### Risk Determination
This IP warrants moderate scrutiny due to DNSBL listings but lacks active threat indicators. The moderate risk score (50) appears conservative given the absence of:
- Active malicious campaigns
- Known attacker associations
- Open service ports
- Subnet-level abuse activity
### Recommended Actions
1. Allow with Monitoring: Permit traffic from 128.199.225.7 with logging enabled for 7 days
2. DNSBL Verification: Investigate the 2 DNSBL listings to determine relevance
3. Cloud Infrastructure Context: Recognize as legitimate DigitalOcean compute instance
4. Geolocation Verification: Confirm expected geographic location (Singapore vs. inferred US)
5. Block if: Evidence of malicious activity or abuse patterns emerges
### Firewall Rule (Recommended)
```
# Allow with logging
iptables -A INPUT -s 128.199.225.7/32 -j LOG --log-prefix "DO-128.199.225.7: "
iptables -A INPUT -s 128.199.225.7/32 -j ACCEPT
# Monitor for 7 days, then re-evaluate
```
---
Analyst Notes: This IP represents standard cloud infrastructure with elevated risk scoring likely due to DNSBL associations rather than active malicious behavior. The clean subnet classification and lack of threat indicators suggest routine monitoring rather than immediate blocking is appropriate.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | 128.199.192.0/18 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 20% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 27% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 25% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-09 05:25:26 UTC |
| Last Seen | 2026-06-27 14:50:22 UTC |
| Profile Built | 2026-06-28 08:56:11 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 32 |