159.65.2.17

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 159.65.2.17/32

Classification: Moderate Risk (Score: 65)

Data Collection Date: 2026-06-20

Analysis Period: 22 signal observations

Executive Summary

IP 159.65.2.17 is a DigitalOcean cloud infrastructure host located in Singapore, operating as a web server with moderate risk indicators. The IP demonstrates proxy/VPN behavior in recent observations and is listed on 3 of 8 DNSBL feeds, though it operates within a clean subnet with no immediate threat siblings.

Network Profile

ASN: 14061 (DigitalOcean, LLC)
Organization: DigitalOcean, LLC
Geolocation: Singapore (SG) — geoconsensus confirmed
Infrastructure Type: Cloud Computing / Hosting
Subnet Classification: Clean (abuse density: 0)
Control Plane: BGP prefix 159.65.0.0/20; route stability: unstable
DNSBL Status: Listed on 3 of 8 total lists

Technical Services

Open Ports: 80/TCP (HTTP), 443/TCP (HTTPS), 22/TCP (SSH)
Web Server: nginx/1.24.0 (Ubuntu)
TLS Certificate: Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
Domain Association: ct.200m.tech
PTR Record: ct.200m.tech

Threat Indicators

Risk Score: 65 (Moderate)
Blacklist Count: 0
Known Campaigns: None detected
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Abuse Confidence Score: Not available

Recent Signal (2026-06-20): Flagged as proxy/VPN behavior with risk score 66 (confidence: 0.85)

Neighborhood Analysis

Subnet: 159.65.2.17/24

Total Siblings: 3
Active Siblings: 1
Threat Siblings: 0
Risk Distribution: 2 low-risk, 0 medium/high-risk
Neighbor IPs:

- 159.65.2.45 (Risk: 25, Authority: 50)

- 159.65.2.115 (Risk: 25, Authority: 50)

Historical Trend

Observations: 22 total signals
Threat Persistence: 0 days
Ownership Changes: 0
Geo Inconsistencies: Detected (some sources reported US coordinates)
HTTP Headers: No CSP, HSTS, or HTTP/2 enabled
SSL Status: Valid Let's Encrypt certificate

Relationship Graph

39 relationship entries identified
Primary association: DIGITALOCEAN-159-65-0-0 network

Recommended Actions

Immediate:

Monitor for proxy/VPN behavior (recent detection 2026-06-20)
Review DNSBL listings for specific blocks

Firewall Rules:

Allow HTTPS (443) and HTTP (80) for business services
Restrict SSH (22) to authorized source IPs only
Implement rate limiting based on observed proxy patterns

Investigation Priority: Medium

No active malicious campaigns detected
Subnet environment remains clean
Focus on validating proxy behavior and DNSBL listings

---

*Generated by IPDebrief Intelligence Platform | Authorized Defensive Security Analysis*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇸🇬 Singapore
Region	CT
City	Singapore
Timezone	—
Latitude	1.31
Longitude	103.68

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ct.200m.tech
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)
Forward Hostnames	`ct.200m.tech`

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=ct.200m.tech

Issued by CN=E8, O=Let's Encrypt, C=US

Self-signed: No

SANs	ct.200m.tech
Valid From	2026-05-10T08:09:27+00:00
Valid Until	2026-08-08T08:09:26+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	05A6A3698AD89841A2E2F221847809BCAD66
Thumbprint	9191C5F0F867B707479BEC901AF0FEF2482E4F55

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	39%	2	3
routing	8%	1	1
services	28%	2	3
ownership	20%	2	3
reputation	22%	1	2
geolocation	15%	2	2
Overall	22%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: SG, US

📅 Observation Timeline 🔄 Live

First Seen	2026-05-16 20:59:44 UTC
Last Seen	2026-06-28 03:50:04 UTC
Profile Built	2026-06-28 21:54:56 UTC
Data Freshness	Live
Signal Types	22
Total Observations	25

🔍 22 signal types · 25 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

159.65.2.17📋 Copy