## IP Intelligence Briefing: 159.65.2.17/32
Classification: Moderate Risk (Score: 65)
Data Collection Date: 2026-06-20
Analysis Period: 22 signal observations
Executive Summary
IP 159.65.2.17 is a DigitalOcean cloud infrastructure host located in Singapore, operating as a web server with moderate risk indicators. The IP demonstrates proxy/VPN behavior in recent observations and is listed on 3 of 8 DNSBL feeds, though it operates within a clean subnet with no immediate threat siblings.
Network Profile
- ASN: 14061 (DigitalOcean, LLC)
- Organization: DigitalOcean, LLC
- Geolocation: Singapore (SG) β geoconsensus confirmed
- Infrastructure Type: Cloud Computing / Hosting
- Subnet Classification: Clean (abuse density: 0)
- Control Plane: BGP prefix 159.65.0.0/20; route stability: unstable
- DNSBL Status: Listed on 3 of 8 total lists
Technical Services
- Open Ports: 80/TCP (HTTP), 443/TCP (HTTPS), 22/TCP (SSH)
- Web Server: nginx/1.24.0 (Ubuntu)
- TLS Certificate: Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
- Domain Association: ct.200m.tech
- PTR Record: ct.200m.tech
Threat Indicators
- Risk Score: 65 (Moderate)
- Blacklist Count: 0
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not available
Recent Signal (2026-06-20): Flagged as proxy/VPN behavior with risk score 66 (confidence: 0.85)
Neighborhood Analysis
Subnet: 159.65.2.17/24
- Total Siblings: 3
- Active Siblings: 1
- Threat Siblings: 0
- Risk Distribution: 2 low-risk, 0 medium/high-risk
- Neighbor IPs:
- 159.65.2.45 (Risk: 25, Authority: 50)
- 159.65.2.115 (Risk: 25, Authority: 50)
Historical Trend
- Observations: 22 total signals
- Threat Persistence: 0 days
- Ownership Changes: 0
- Geo Inconsistencies: Detected (some sources reported US coordinates)
- HTTP Headers: No CSP, HSTS, or HTTP/2 enabled
- SSL Status: Valid Let's Encrypt certificate
Relationship Graph
- 39 relationship entries identified
- Primary association: DIGITALOCEAN-159-65-0-0 network
Recommended Actions
Immediate:
- Monitor for proxy/VPN behavior (recent detection 2026-06-20)
- Review DNSBL listings for specific blocks
Firewall Rules:
- Allow HTTPS (443) and HTTP (80) for business services
- Restrict SSH (22) to authorized source IPs only
- Implement rate limiting based on observed proxy patterns
Investigation Priority: Medium
- No active malicious campaigns detected
- Subnet environment remains clean
- Focus on validating proxy behavior and DNSBL listings
---
*Generated by IPDebrief Intelligence Platform | Authorized Defensive Security Analysis*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ct.200m.tech |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | ct.200m.tech |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
π TLS Certificate
| SANs | ct.200m.tech |
| Valid From | 2026-05-10T08:09:27+00:00 |
| Valid Until | 2026-08-08T08:09:26+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 05A6A3698AD89841A2E2F221847809BCAD66 |
| Thumbprint | 9191C5F0F867B707479BEC901AF0FEF2482E4F55 |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 15% | 2 | 2 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-16 20:59:44 UTC |
| Last Seen | 2026-06-28 03:50:04 UTC |
| Profile Built | 2026-06-28 21:54:56 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.