IPDebrief

139.59.184.99

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF INTELLIGENCE BRIEFING

Target IP: 139.59.184.99

Classification: Cloud Infrastructure (DigitalOcean)

Risk Score: 55/100 (Moderate Risk)

Report Generated: June 2026

---

## EXECUTIVE SUMMARY

IP 139.59.184.99 is a DigitalOcean cloud-hosted web server located in London, England. The IP exhibits a moderate risk profile (55/100) with evidence of DNSBL listings on 3 of 8 monitoring lists. A single threat observation was recorded in the signal history. The IP operates standard web services (HTTP/HTTPS) and SSH, with TLS certificate associated with domain questmeat.com.

---

## INFRASTRUCTURE PROFILE

| Attribute | Value |
|---|---|
| **Organization** | Digital Ocean Inc administrator (ASN 14061) |
| **Location** | London, England, GB |
| **Infrastructure Type** | CloudCompute (DigitalOcean) |
| **CIDR Block** | 139.59.176.0/20 |
| **DNSBL Status** | Listed on 3/8 blacklists |

Open Services:

TLS Certificate:

---

## THREAT INDICATORS

Control Plane Assessment:

---

## SIGNAL HISTORY ANALYSIS

Total observations recorded: 23

Key Temporal Signals:

Risk Trend: No persistent malicious pattern detected. Single threat observation indicates intermittent anomalous activity.

---

## NETWORK NEIGHBORHOOD ANALYSIS

Subnet: 139.59.184.0/24

Abuse Density: 0.5 (Moderate)

Classification: Mostly Clean

Adjacent IPs:

Risk Inheritance: 2 (Low-Medium)

Threat Siblings: 1 out of 2 active siblings

---

## RECOMMENDED SECURITY ACTIONS

Primary Recommendation: Increase logging verbosity and review recent activity from this IP.

Firewall Rules by Platform:

| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 139.59.184.99 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 139.59.184.99 drop` |
| **nginx** | `deny 139.59.184.99;` |
| **pfSense** | `139.59.184.99/32` |
| **Cloudflare WAF** | Block 139.59.184.99 (risk score 55) |
| **AWS WAF** | IPSet: 139.59.184.99/32 |

Action Priority: HIGH — Elevated risk score warrants blocking pending further validation.

---

## INTELLIGENCE ASSESSMENT

The IP demonstrates characteristics of compromised or misconfigured cloud infrastructure. The moderate risk score combined with DNSBL listings and a single threat observation suggests potential abuse. The TLS certificate for questmeat.com requires validation against known threat actors. Neighboring IP 139.59.184.124 shows lower risk (25/100) but should be monitored for related activity patterns.

Recommended Next Steps:

1. Implement blocking firewall rules immediately

2. Correlate with internal logs for recent connection attempts

3. Investigate domain questmeat.com reputation

4. Monitor subnet 139.59.184.0/24 for coordinated activity

---

*End of Briefing*


## Geolocation

| Attribute | Value |
|---|---|
| Country | 🇬🇧 United Kingdom |
| Region | ENG |
| City | London |
| Timezone | Europe/London |
| Latitude | 51.52 |
| Longitude | -0.62 |

## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Digital Ocean Inc administrator |
| ASN | AS14061 |
| Network Name | — |
| CIDR Block | — |
| RIR | ARIN |
| Country | — |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No — PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting — Infrastructure provider without advanced routing |
| Cloud | Hosting |

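## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | — |
| 443 | https | tcp | — |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | — |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |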

## TLS Certificate

CN=questmeat.com

Issued by CN=R12, O=Let's Encrypt, C=US

Self-signed: No

| Attribute | Value |
|---|---|
| SANs | questmeat.com, www.questmeat.com |
| Valid From | 2026-05-07T13:43:50+00:00 |
| Valid Until | 2026-08-05T13:43:49+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 0609C711B5A818496BBC50A76CDC665CC71D |
| Thumbprint | 39DC86E21FA9B745FA92C8B4D0D91FB0DAE26E1A |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 26% | 10 | 17 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (85%) — 1 contradiction(s) |
| Attribution | Moderate (50%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid

⚠ High authority score (70) but appears on threat lists (risk 40)

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-14 13:23:29 UTC |
| Last Seen | 2026-06-28 00:38:55 UTC |
| Profile Built | 2026-06-28 18:44:00 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |

20 signal types · 24 observations collected
This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

## About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.