# IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 139.59.184.99
Classification: Cloud Infrastructure (DigitalOcean)
Risk Score: 55/100 (Moderate Risk)
Report Generated: June 2026
---
## EXECUTIVE SUMMARY
IP 139.59.184.99 is a DigitalOcean cloud-hosted web server located in London, England. The IP exhibits a moderate risk profile (55/100) with evidence of DNSBL listings on 3 of 8 monitoring lists. A single threat observation was recorded in the signal history. The IP operates standard web services (HTTP/HTTPS) and SSH, with a TLS certificate associated with the domain questmeat.com.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Organization** | Digital Ocean Inc administrator (ASN 14061) |
| **Location** | London, England, GB |
| **Infrastructure Type** | CloudCompute (DigitalOcean) |
| **CIDR Block** | 139.59.176.0/20 |
| **DNSBL Status** | Listed on 3/8 blacklists |

Open Services:
- Port 80/tcp (HTTP)
- Port 443/tcp (HTTPS)
- Port 22/tcp (SSH - OpenSSH_8.9p1 Ubuntu)

TLS Certificate:
- Issuer: Let's Encrypt
- Subject: questmeat.com
- SANs: questmeat.com, www.questmeat.com
---
## THREAT INDICATORS
- Threat Classification: Moderate Risk
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Malicious Campaign Correlation: None
- Threat Persistence: Not persistently malicious
- Recent Threat Observations: 1 (as of June 14, 2026)

Control Plane Assessment:
- Operator Score: 0.1304 (Minimal)
- Route Stability: Unstable
- DNSSEC Valid: True
---
## SIGNAL HISTORY ANALYSIS
Total observations recorded: 23
Key Temporal Signals:
- June 14, 2026: Cloud provider confirmed (DigitalOcean), geolocation validated (London, GB)
- June 14, 2026: HTTP response status 500 observed, CSP header present
- June 14, 2026: Reputation signal with threat indicators present (pulse count: 1)
Risk Trend: No persistent malicious pattern detected. Single threat observation indicates intermittent anomalous activity.
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 139.59.184.0/24
Abuse Density: 0.5 (Moderate)
Classification: Mostly Clean
Adjacent IPs:
- 139.59.184.124: Risk Score 25/100, Authority Score 50/100

Risk Inheritance: 2 (Low-Medium)
Threat Siblings: 1 out of 2 active siblings
---
## RECOMMENDED SECURITY ACTIONS
Primary Recommendation: Increase logging verbosity and review recent activity from this IP.
Firewall Rules by Platform:
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 139.59.184.99 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 139.59.184.99 drop` |
| **nginx** | `deny 139.59.184.99;` |
| **pfSense** | `139.59.184.99/32` |
| **Cloudflare WAF** | Block 139.59.184.99 (risk score 55) |
| **AWS WAF** | IPSet: 139.59.184.99/32 |

Action Priority: HIGH - Elevated risk score warrants blocking pending further validation.
---
## INTELLIGENCE ASSESSMENT
The IP demonstrates characteristics of compromised or misconfigured cloud infrastructure. The moderate risk score combined with DNSBL listings and a single threat observation suggests potential abuse. The TLS certificate for questmeat.com requires validation against known threat actors. Neighboring IP 139.59.184.124 shows lower risk (25/100) but should be monitored for related activity patterns.
Recommended Next Steps:
1. Implement blocking firewall rules immediately
2. Correlate with internal logs for recent connection attempts
3. Investigate domain questmeat.com reputation
4. Monitor subnet 139.59.184.0/24 for coordinated activity
---
*End of Briefing*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Digital Ocean Inc administrator |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
## TLS Certificate

| Attribute | Value |
|---|---|
| SANs | questmeat.com, www.questmeat.com |
| Valid From | 2026-05-07T13:43:50+00:00 |
| Valid Until | 2026-08-05T13:43:49+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 0609C711B5A818496BBC50A76CDC665CC71D |
| Thumbprint | 39DC86E21FA9B745FA92C8B4D0D91FB0DAE26E1A |
## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 26% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (85%), 1 contradiction(s) |
| Attribution | Moderate (50%) |

Attribution factors: Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-14 13:23:29 UTC |
| Last Seen | 2026-06-28 00:38:55 UTC |
| Profile Built | 2026-06-28 18:44:00 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |