# IP Intelligence Briefing: 159.65.151.189/32
Classification: Moderate Risk - Cloud Infrastructure
Date: Analysis generated from current threat intelligence
Risk Score: 40/100
---
## Executive Summary
IP address 159.65.151.189 is a DigitalOcean cloud computing host located in Bengaluru, India. The address exhibits moderate risk characteristics with one DNSBL listing and persistent threat observations. No active malicious campaigns or known attacker indicators were identified.
## Infrastructure Profile
Ownership & Location:
- ASN: 14061 (DigitalOcean, LLC)
- Network: DIGITALOCEAN-159-65-0-0
- Location: Karnataka, Bengaluru, India (IN)
- Infrastructure Type: CloudCompute
- Hosting Provider: DigitalOcean
Network Services:
- Open Port: 22/tcp (SSH)
- SSH Banner: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- No TLS certificates detected
- No hosted domains
Control Plane Assessment:
- Route Stability: Not stable
- Operator Score: 0.1304 (Minimal)
- DNSBL Listings: 1 of 8 total lists
- RPKI State: Not validated
- IRR Consistency: Not assessed
## Threat Indicators
Current Status:
- Abuse Confidence Score: Not available
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Active Campaigns: None detected
- Blacklist Count: 0 (active)
Historical Threat Signals:
- 22 total observations recorded
- Previous DNSBL activity detected on 2026-06-19
- Listings found on 8 DNSBLs with 2 high-severity categories
- No correlated IPs or certificate matches in campaign analysis
## Neighborhood Analysis
/24 Subnet (159.65.151.0/24):
- Classification: Mostly clean
- Abuse Density: 1 (low)
- Inherited Risk: 2 (minimal)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
The subnet shows minimal neighborhood risk with no significant threat distribution among sibling addresses.
## Security Actions
Recommended Firewall Rules:
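```bash
# iptables (host firewall): drop inbound traffic from the address
iptables -A INPUT -s 159.65.151.189 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 159.65.151.189 drop
# nginx: directive for an http, server or location block (not a shell command)
deny 159.65.151.189;
# pfSense: entry for a firewall alias or block rule source
159.65.151.189/32
# Cloudflare WAF: rule definition (JSON)
{"description":"Block 159.65.151.189 - IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 159.65.151.189"}}
# AWS WAF: IP set fields (JSON)
{"Addresses":["159.65.151.189/32"],"Description":"IPDebrief risk 40"}
```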
## Timeline Analysis
Key Observation Points:
- 2026-06-28: Recent observation confirming cloud infrastructure classification
- 2026-06-19: DNSBL listing activity detected with high-severity categories
Temporal Risk Assessment:
- Threat Persistence: 0 days
- Is Persistently Malicious: No
- Ownership Changes: 0
## Intelligence Assessment
This IP address represents a moderate-risk cloud hosting environment. The single DNSBL listing and historical abuse activity warrant defensive posture adjustments. However, the absence of active threat indicators, known campaigns, or neighborhood abuse patterns suggests this may be a compromised hosting environment or previously flagged infrastructure that has since been remediated.
Recommendation: Implement blocking rules at perimeter firewalls and WAFs. Monitor for recurrence of DNSBL listings or new threat indicators. No immediate escalation required based on current profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-14 19:28:10 UTC |
| Last Seen | 2026-06-28 01:16:16 UTC |
| Profile Built | 2026-06-28 19:20:55 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |