143.198.100.165
IP Intelligence Briefing: 143.198.100.165
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: Low Risk (25/100)
- Provider: DigitalOcean (ASN 14061)
- Geolocation: Santa Clara, CA, US (geoPlausible: False)
- Network Role: CloudCompute (Web Server with SSH, HTTP, HTTPS)
- Threat Indicators: No active threats reported in current profile, but historical data (June 15) shows 10 pulse signals (e.g., potential malicious activity).
---
**2. Observation History**
- Recent Activity (June 15):
- Detected TLS/HTTP scanning and threat pulses (confidence: 0.85).
- Geo validation violation: RTT (89ms) below expected for 8858km distance (minimum: 177ms).
- Longer-Term Trends:
- No persistent malicious activity (threatPersistenceDays: 0).
- Subnet (143.198.100.165/24) has abuse density 1 (mostly clean).
---
**3. Relationships & Subnet**
- Linked Entities:
- Same network: DIGITALOCEAN-143-198-0-0 (repeated 20x in relationships).
- Subnet Analysis:
- No neighboring IPs reported (neighborCount: 0).
- Subnet classified as mostly clean (abuseDensity: 1).
---
**4. Services & Configuration**
- Open Ports:
- TCP 80 (HTTP), 443 (HTTPS), 22 (SSH).
- SSH banner: `SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16`.
- TLS Certificate:
- Issuer: `CN=TRAEFIK DEFAULT CERT` (reverse proxy, likely legitimate).
- DNS:
- No PTR records or domain associations.
---
**5. Risk & Recommendations**
- Key Flags:
- Geo Anomaly: RTT discrepancy suggests potential spoofing or misconfigured geolocation.
- Historical Threats: Recent pulses warrant closer monitoring.
- Recommended Actions:
- Verify geolocation accuracy via alternative methods (e.g., traceroute).
- Monitor for changes in threat indicators or unexpected traffic patterns.
- Ensure cloud server configurations (SSH, TLS) are secured against unauthorized access.
---
Conclusion:
This DigitalOcean cloud server shows no current malicious activity but has historical signals requiring further investigation. The geo anomaly and subnet isolation merit scrutiny to rule out spoofing or misconfigured infrastructure.
SOC Analyst Notes: Prioritize validating location data and maintaining vigilance for emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-24 18:39:54 UTC |
| Last Seen | 2026-06-29 00:19:51 UTC |
| Profile Built | 2026-06-29 06:21:37 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.