159.223.192.63

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 159.223.192.63/32

Classification: LOW RISK

Date: 2026-06-29

## EXECUTIVE SUMMARY

IP address 159.223.192.63 is a low-risk cloud compute endpoint hosted on DigitalOcean infrastructure. The IP exhibits normal cloud hosting patterns with no active threat indicators, blacklist entries, or known malicious activity. The asset appears to be a standard web hosting endpoint with minimal operational risk.

## OWNERSHIP AND INFRASTRUCTURE

Organization: DigitalOcean, LLC (ASN: 14061)
Network: DO-13 (159.223.0.0/16)
Infrastructure Type: Cloud Compute
Geolocation: United States (California/Santa Clara region)
Registration: ARIN registry

## NETWORK SIGNATURES

Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
Web Server: nginx/1.24.0 (Ubuntu)
TLS Certificate: Let's Encrypt (CN=test-web.britanialab.com)
Certificate Status: Valid (self-signed: false)

## THREAT ASSESSMENT

Risk Score: 25 (Low Risk)
Abuse Confidence Score: Not applicable
Blacklist Count: 0
Threat Feeds: None
Known Campaigns: None detected
Tor Exit Node: No
Known Attacker: No

## CONTROL PLANE ANALYSIS

BGP Prefix: 159.223.192.0/20
DNSBL Listings: 1 of 8 lists
Operator Score: 0.1304 (Minimal)
Route Stability: Unstable (route_changes_30d: 0)
RPKI State: Not validated
DNSSEC: Valid

## NEIGHBORHOOD CONTEXT

Subnet: 159.223.192.63/24
Abuse Density: 1 (mostly_clean classification)
Threat Siblings: 1
Active Siblings: 1
Inherited Risk: 2

## OBSERVATION HISTORY (21 RECORDS)

Recent activity indicates normal operational patterns:

June 29, 2026: SSL certificate updates observed via crt-sh
June 21, 2026: HTTP 403 responses, nginx server fingerprinting
Geolocation: US (39.83, -98.58) with 65% confidence via multi-signal inference
Threat Persistence: 0 days (not persistently malicious)

## NETWORK RELATIONSHIPS

Primary Network: DO-13 (159.223.x.x)
External Relationships: None identified beyond network boundaries
Associated Hostnames: test-web.britanialab.com (via TLS certificate)

## SECURITY RECOMMENDATIONS

Based on current risk profile, no immediate blocking or firewall rules are required. The IP demonstrates standard cloud hosting behavior with appropriate security controls:

SPF and DMARC records present
Standard web server configuration
No evidence of exploitation or abuse

Assessment: This IP represents a legitimate cloud compute endpoint. No defensive action required at this time.

---

*Report generated by IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	CA
City	Santa Clara
Timezone	—
Latitude	37.39
Longitude	-121.96

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	DO-13
CIDR Block	159.223.0.0/16
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=test-web.britanialab.com

Issued by CN=YE1, O=Let's Encrypt, C=US

Self-signed: No

SANs	test-web.britanialab.com
Valid From	2026-06-02T22:17:02+00:00
Valid Until	2026-08-31T22:17:01+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	06FD819B574D7FA02BAA70A87C9B866EE910
Thumbprint	9B6EAA3FC86937FD31B79E1FEB779E1F912A935B

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	35%	2	3
ownership	27%	2	3
reputation	22%	1	3
geolocation	28%	2	3
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-29 05:54:40 UTC
Last Seen	2026-06-29 06:07:27 UTC
Profile Built	2026-06-29 06:10:13 UTC
Data Freshness	Live
Signal Types	21
Total Observations	21

🔍 21 signal types · 21 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

159.223.192.63📋 Copy