IPDEBRIEF INTELLIGENCE BRIEFING
Target: 170.64.143.13/32
Classification: Moderate Risk Infrastructure Host
Generated: 2026-06-27
---
EXECUTIVE SUMMARY
Target IP 170.64.143.13 is a cloud infrastructure address operated by DigitalOcean, LLC (ASN 14061) located in Sydney, NSW, Australia. The address presents a moderate risk profile (score: 50) with no active threat indicators. Historical analysis indicates stable ownership with persistent cloud hosting classification. The subnet exhibits low abuse density, though one threat-related sibling IP was identified.
---
INFRASTRUCTURE PROFILE
- Organization: DigitalOcean, LLC
- ASN: 14061
- Geolocation: Sydney, NSW, Australia (AU)
- Infrastructure Type: Cloud (hosting provider)
- BGP Prefix: 170.64.128.0/18
- Route Stability: Stable (no route changes in 30 days)
- Operator Score: 0.1304 (Minimal)
- RIR Registry: ARIN
- Delegation Age: 4,979 days
---
THREAT INTELLIGENCE ASSESSMENT
Current Risk Status: Moderate Risk (Score: 50)
Threat Indicators:
- No active threat indicators detected
- Not listed as known attacker
- Not a Tor exit node
- Not identified as spam source
- No associated threat campaigns
Blacklist Status:
- DNSBL listed: 1 of 8 total lists
- Pulsedive risk score: Not applicable
Service Exposure:
- Open ports: None detected
- TLS certificates: None
- Hosted domains: 0
- HTTP title: Not available
- Service classification: Firewalled / No Services
---
TEMPORAL ANALYSIS
- Total Observations: 25 historical signals
- Recent Activity: Continuous monitoring from June 14-27, 2026
- Ownership Changes: 0 (stable ownership)
- Threat Persistence: 0 days (not persistently malicious)
- Threat Observation Count: 1 (historical)
Historical Signal Summary:
- June 27: Cloud infrastructure classification confirmed
- June 19: Subnet abuse density classified as "mostly_clean" (33.33% abuse density)
- June 14: Initial cloud provider identification
---
NETWORK RELATIONSHIPS
- Total Relationships: 31
- Primary Association: Same network (DIGITALOCEAN-170-64-128-0/18)
- All relationships indicate membership in DigitalOcean enterprise network infrastructure
---
SUBNET ANALYSIS (/24: 170.64.143.0/24)
- Abuse Density: 0.3333 (33.33%)
- Classification: Mostly Clean
- Total Siblings: 3
- Active Siblings: 3
- Threat Siblings: 1
Neighbor IPs:
- 170.64.143.77: Risk Score 25, Authority Score 50 (Low Risk)
- 170.64.143.78: Risk Score 25, Authority Score 50 (Low Risk)
---
NETWORK TOPOLOGY
Traceroute Analysis:
- Hop Count: 21
- Transit Networks: Comcast, NTT
- First Hop RTT: 3.4ms
- Last Hop RTT: 218.7ms
- Timeouts: 5 hops
DNS Resolution:
- PTR Hostnames: None
- Forward Resolution: Not confirmed
- Hosted Domains: 0
- Email Authentication: SPF/DMARC not configured
---
RECOMMENDATIONS
For SOC Teams:
1. Monitoring: Continue standard monitoring; no immediate blocking required
2. Classification: Treat as cloud infrastructure (DigitalOcean)
3. Geolocation: Sydney, Australia
4. Risk Tolerance: Moderate - acceptable for legitimate business traffic
Network Defense Actions:
- No immediate firewall rules recommended
- Standard cloud provider egress rules apply
- Monitor for any service exposure changes
Investigation Triggers:
- Any observed open port activity
- Connection to known malicious domains
- Evidence of command-and-control traffic
---
CONCLUSION
Target IP 170.64.143.13 represents a legitimate cloud infrastructure host within the DigitalOcean network. The address shows no active threat behavior, maintains stable ownership, and operates within a subnet classified as "mostly clean." SOC analysts should classify this as moderate risk infrastructure requiring standard monitoring protocols. The presence of one threat sibling IP in the subnet warrants continued observation but does not elevate the target's risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
| Enumeration | Path/resource enumeration | 1 |
Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | 170.64.128.0/18 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 17% | 2 | 3 |
| services | 12% | 2 | 2 |
| ownership | 22% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 12 | 19 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 06:48:00 UTC |
| Last Seen | 2026-06-27 23:00:15 UTC |
| Profile Built | 2026-06-28 17:06:16 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 30 |