# THREAT INTELLIGENCE BRIEFING
- Target: 161.35.8.199/32
- Classification: Cloud Infrastructure Host
- Risk Level: LOW (Score: 25/100)
- Date of Analysis: June 2026
---
## EXECUTIVE SUMMARY
IP 161.35.8.199 is a DigitalOcean cloud compute host with minimal risk indicators. The address maintains a stable ownership profile within the DIGITALOCEAN-161-35-0-0 network block and exhibits no persistent malicious activity. Historical data indicates one DNSBL listing event with high severity, though current threat posture shows no active compromise indicators.
---
## OWNERSHIP & INFRASTRUCTURE
- Organization: DigitalOcean, LLC (ASN 14061)
- Network: DIGITALOCEAN-161-35-0-0 / 161.35.0.0/16
- Geolocation: United States, North Bergen, NJ
- Infrastructure Type: Cloud Compute (Cloud Hosting)
- Classification: Non-CDN, non-VPN, non-proxy, non-Tor
---
## THREAT ASSESSMENT
- Risk Score: 25/100 (Low Risk)
- Abuse Confidence: Not elevated
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Status: 0 active listings (1 historical listing observed)
- Threat Feeds: No campaign correlations detected
---
## NETWORK SERVICES
- Open Ports: TCP/22 (SSH)
- Banner: SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- TLS Certificate: None detected
- Hosted Domains: None
- PTR Records: None
---
## NEIGHBORHOOD ANALYSIS
- Subnet: 161.35.8.0/24
- Abuse Density: 0% (Clean)
- Risk Distribution: No high/medium risk neighbors detected
- Active Siblings: 1
- Threat Siblings: 1 (historical)
---
## OBSERVATION HISTORY
- Total Observations: 21
- Threat Persistence: Not persistently malicious
- Recent Signal Activity:
- Operator Score: 0.1304 (Minimal)
- DNSSEC: Valid
- DNSBL Listings: 1 out of 8 total checks
- Last Notable Event: DNSBL listing (high severity) on 2026-06-16
---
## RELATIONSHIP GRAPH
- Connected Entities: Network-level associations only (DIGITALOCEAN-161-35-0-0)
- No organizational links detected
- No certificate associations
---
## RECOMMENDATIONS
1. Allow List Consideration: Low-risk cloud host with established DigitalOcean infrastructure; consider whitelisting if traffic is legitimate
2. Monitor SSH Traffic: Port 22 is open; monitor for brute force attempts
3. No Immediate Action Required: Current threat indicators do not warrant blocking
4. Contextual Blocking: Only block if this IP is confirmed malicious in your specific threat context
---
## ANALYST NOTES
This IP represents typical cloud hosting behavior from DigitalOcean. The single historical DNSBL listing appears isolated and does not indicate ongoing malicious activity. The absence of port scanning activity, certificate associations, and organizational links suggests this is a standard cloud compute instance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Ownership & Registration

| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | DIGITALOCEAN-161-35-0-0 |
| CIDR Block | 161.35.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |

## DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

## Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: Infrastructure provider without advanced routing |

## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

Closed Ports: 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

| Field | Value |
|---|---|
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |

## TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

## Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-30 10:58:14 UTC |
| Last Seen | 2026-06-29 07:32:08 UTC |
| Profile Built | 2026-06-29 07:34:34 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 20 |