Threat Intelligence Briefing for IP 143.198.47.232
1. Risk Profile
- Risk Score: Moderate (50/100).
- Ownership: Registered to DigitalOcean, LLC (ASN 14061) under ARIN.
- Geolocation: Toronto, Canada (CA-ON).
- Threat Indicators: No malicious indicators or known campaigns detected. Note that the DNSBL result under Recommendations (2 of 8 lists) conflicts with a clean blacklist reading; confirm the listings directly before treating the IP as clean.
- Network Role: CloudCompute infrastructure (DigitalOcean).
2. Observation History
- Recent Activity:
- DNSSEC validation confirmed.
- BGP prefix tied to DigitalOcean's ASN 14061.
- No recent threats or abnormal behavior noted.
- Historical Trends: No persistent malicious activity or ownership changes observed.
3. Relationships
- Network Associations:
- Linked to the subnet `143.198.32.0/20` (DigitalOcean).
- No connections to other malicious entities or organizations.
- Services: One open port observed, 22/tcp (OpenSSH 9.6p1, Ubuntu package); no TLS certificate or HTTP service detected.
4. Subnet Analysis
- Neighborhood:
- No neighboring IPs reported in the /24 subnet.
- Subnet abuse density: 0% (no risky siblings identified).
- Provider Context:
- Part of a large cloud infrastructure block (DigitalOcean).
5. Recommendations
- Monitor: Re-query the DNSBL zones periodically; 2 of the 8 checked currently list this IP, and whether those listings persist or clear is the signal to track.
- Firewall: Consider blocking the IP if it correlates with suspicious traffic patterns.
- Verify: Cross-check internal logs (SSH authentication logs in particular, since 22/tcp is the only exposed service) to confirm no unauthorized access or service exposure involving this IP.
- Contextualize: Given its association with a legitimate cloud provider, prioritize false positive verification over immediate mitigation.
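One way to carry out the "Verify" step above, as an added example that is not part of this report or its generator: scan internal log lines for the reported IP and for any address inside the prefixes the report associates with it (143.198.32.0/20 and 143.198.0.0/16), then separate accepted SSH logins from failed ones, since 22/tcp is the only exposed service. The syslog-style lines below are constructed for illustration; the function and variable names are this example's own.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Identifiers taken from the report: the subject IP, the /20 it is linked to,
# and the /16 ARIN allocation it sits in (most specific first).
SUBJECT_IP = ipaddress.ip_address("143.198.47.232")
PREFIXES = [
    ipaddress.ip_network("143.198.32.0/20"),
    ipaddress.ip_network("143.198.0.0/16"),
]

# Loose dotted-quad matcher; ipaddress.ip_address() rejects the false positives.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log lines (sshd and nginx entries); not real data.
CONSTRUCTED_LOGS = [
    "Jun 20 03:14:07 web01 sshd[2012]: Failed password for invalid user admin from 143.198.47.232 port 51234 ssh2",
    "Jun 20 03:14:09 web01 sshd[2012]: Connection closed by invalid user admin 143.198.47.232 port 51234 [preauth]",
    "Jun 20 03:20:41 web01 sshd[2099]: Accepted publickey for deploy from 10.0.4.17 port 40022 ssh2",
    'Jun 20 04:02:13 web01 nginx: 143.198.40.9 - - "GET /.env HTTP/1.1" 404 153',
    'Jun 20 04:05:55 web01 nginx: 198.51.100.23 - - "GET / HTTP/1.1" 200 612',
    "Jun 20 04:10:02 web01 sshd[2150]: Accepted password for deploy from 143.198.47.232 port 51300 ssh2",
]


def classify(ip) -> Optional[str]:
    """'exact' for the subject IP, 'prefix <net>' for the most specific associated
    prefix containing it, None for unrelated addresses."""
    if ip == SUBJECT_IP:
        return "exact"
    for net in PREFIXES:
        if ip in net:  # False for a mismatched address family
            return f"prefix {net}"
    return None


def correlate(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per (line, address) pair that relates to the subject."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # e.g. 999.1.1.1 slipped through the regex
                continue
            kind = classify(ip)
            if kind is not None:
                hits.append({"line": lineno, "ip": str(ip), "match": kind, "text": line})
    return hits


def summarize(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Counts that decide the outcome: an *accepted* login from the subject IP is
    the finding that overrides a 'probably benign cloud host' reading."""
    exact = [h for h in hits if h["match"] == "exact"]
    return {
        "exact_hits": len(exact),
        "prefix_hits": len(hits) - len(exact),
        "accepted_logins": sum("Accepted" in str(h["text"]) for h in exact),
        "failed_logins": sum("Failed password" in str(h["text"]) for h in exact),
    }


if __name__ == "__main__":
    found = correlate(CONSTRUCTED_LOGS)
    for h in found:
        print(f"line {h['line']:>3}  {h['match']:<24} {h['text']}")
    print(summarize(found))
```

On the constructed input the accepted password login from the subject IP at line 6 is the item that would turn this from a reputation question into an incident; the prefix hit from 143.198.40.9 is only context, since a /20 at a cloud provider holds many unrelated tenants.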
Conclusion: This IP appears to be part of DigitalOcean's infrastructure with no direct malicious activity observed. However, its DNSBL listings (2 of 8) and the single exposed SSH service warrant closer inspection. SOC teams should monitor for anomalies while weighing the moderate (50/100) risk score against the legitimate cloud-provider context.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | DIGITALOCEAN-143-198-0-0 |
| CIDR Block | 143.198.0.0/16 |
| RIR | ARIN |
| Country (RIR registration) | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: there is no PTR hostname to resolve back to this IP, so FCrDNS cannot be verified (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
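To reproduce the FCrDNS and DNSBL checks behind the two DNS tables above and the DNSBL item under Recommendations, here is an added example; it is not code from this report or its generator. The resolver is injected so the checks run offline against constructed answers that mirror the report (no PTR for the subject IP, two of eight zones listing it). The DNSBL zone names under .test, the .example hostnames and the contrast addresses 192.0.2.10 and 198.51.100.5 are hypothetical; live_resolver is an optional adapter for dnspython's dns.resolver.resolve().

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver is any callable (qname, qtype) -> answer strings, [] when the name
# does not exist or has no record of that type.  Injecting it keeps the checks
# testable offline; live_resolver() is the dnspython-backed version.
Resolver = Callable[[str, str], List[str]]

LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")


def fcrdns(ip: str, resolve: Resolver) -> Dict[str, object]:
    """Forward-confirmed reverse DNS: the PTR name(s) for ip must resolve (A or
    AAAA) back to ip itself.  The reason is reported separately because 'no PTR'
    and 'PTR points elsewhere' are different signals."""
    addr = ipaddress.ip_address(ip)
    ptr_names = [n.rstrip(".") for n in resolve(addr.reverse_pointer, "PTR")]
    if not ptr_names:
        return {"ptr": [], "forward": {}, "confirmed": False,
                "reason": "no PTR record; FCrDNS cannot be verified"}
    qtype = "AAAA" if addr.version == 6 else "A"
    forward = {name: resolve(name, qtype) for name in ptr_names}
    confirmed = any(_same_address(a, addr) for answers in forward.values() for a in answers)
    reason = ("PTR hostname resolves back to the IP" if confirmed
              else "PTR hostname does not resolve back to the IP")
    return {"ptr": ptr_names, "forward": forward, "confirmed": confirmed, "reason": reason}


def dnsbl_check(ip: str, zones: List[str], resolve: Resolver) -> Dict[str, object]:
    """Query each DNSBL zone for <reversed-octets>.<zone>.  By convention a listing
    answers with a 127.0.0.0/8 address whose last octet is a zone-specific reason
    code; any other answer is ignored rather than counted as a listing."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 DNSBL queries only")
    reversed_octets = ".".join(reversed(ip.split(".")))
    listed: Dict[str, List[str]] = {}
    for zone in zones:
        codes = [a for a in resolve(f"{reversed_octets}.{zone}", "A") if _is_listing_code(a)]
        if codes:
            listed[zone] = codes
    return {"listed": listed, "listed_count": len(listed), "checked": len(zones)}


def _same_address(answer: str, addr) -> bool:
    try:
        return ipaddress.ip_address(answer) == addr
    except ValueError:
        return False


def _is_listing_code(answer: str) -> bool:
    try:
        return ipaddress.ip_address(answer) in LOOPBACK_BLOCK
    except ValueError:
        return False


def live_resolver(qname: str, qtype: str) -> List[str]:
    """Real lookups via dnspython (pip install dnspython); unused offline."""
    import dns.exception
    import dns.resolver
    try:
        return [r.to_text() for r in dns.resolver.resolve(qname, qtype)]
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer,
            dns.resolver.NoNameservers, dns.exception.Timeout):
        return []


SUBJECT_IP = "143.198.47.232"
# Hypothetical DNSBL zones; the report does not name the eight it queried.
ZONES = [f"bl{i}.dnsbl.test" for i in range(1, 9)]

# Constructed answers: no PTR for the subject IP and two of eight zones listing
# it, plus a passing FCrDNS pair (192.0.2.10) and a mismatched one (198.51.100.5).
CONSTRUCTED_ANSWERS: Dict[Tuple[str, str], List[str]] = {
    ("232.47.198.143.bl2.dnsbl.test", "A"): ["127.0.0.2"],
    ("232.47.198.143.bl7.dnsbl.test", "A"): ["127.0.0.11"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example."],
    ("mail.example", "A"): ["192.0.2.10"],
    ("5.100.51.198.in-addr.arpa", "PTR"): ["other.example."],
    ("other.example", "A"): ["198.51.100.6"],
}


def constructed_resolver(qname: str, qtype: str) -> List[str]:
    return CONSTRUCTED_ANSWERS.get((qname, qtype), [])


if __name__ == "__main__":
    for ip in (SUBJECT_IP, "192.0.2.10", "198.51.100.5"):
        print(ip, fcrdns(ip, constructed_resolver))
    print(dnsbl_check(SUBJECT_IP, ZONES, constructed_resolver))
```

Swapping constructed_resolver for live_resolver runs the same logic against real DNS. Note that a DNSBL answer outside 127.0.0.0/8 usually means the zone is misbehaving (for example, a retired list that now wildcards everything), which is why it is not counted as a listing.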
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | None |
| HTTP Title | None |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 (the Ubuntu 24.04 OpenSSH package; the banner discloses the distribution and patch level) |
TLS Certificate
| SANs | None |
| Valid From | None |
| Valid Until | None |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 43% | 2 | 5 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership; FCrDNS; Geo Consensus; Geo Plausible; IRR Match; RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-04 06:34:53 UTC |
| Last Seen | 2026-06-21 11:10:42 UTC |
| Profile Built | 2026-06-21 11:15:25 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |
Full dossier details are available via our API.