IP Intelligence Briefing: 157.245.36.108
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: DigitalOcean, LLC (ASN 14061)
- Geolocation: London, England (US region flagged as plausible).
- Network Role: Cloud compute infrastructure (firewalled, no open services).
- Threat Indicators:
  - Linked to leakix.org (DNS PTR hostname).
  - Observed as a VPN proxy (proxycheck.io).
  - Historical threats: 50+ pulses detected (AlienVault OTX).
---
**2. Observation History**
- Recent Activity (30 days):
  - 1 high-severity signal (e.g., proxy detection).
  - 21 total observations, including:
    - VPN proxy classification.
    - 50+ threat pulses (potential malware/C2 activity).
    - DNS leaks tied to `leakix.org`.
- Trend: Increasing threat pulses over time.
---
**3. Relationships**
- Network:
  - Subnet: `157.245.0.0/20` (DigitalOcean).
  - No sibling IPs detected in /24 subnet.
- DNS:
  - PTR hostname: `a93200c42e.scan.leakix.org` (linked to data leaks).
- Threat Associations:
  - 50+ pulses from AlienVault OTX (e.g., malware, C2).
---
**4. Neighborhood Analysis**
- Subnet: `157.245.36.108/24`
- Abuse Density: 0% (no malicious IPs in subnet).
- Neighbors: No active or threatening sibling IPs detected.
---
**5. Recommendations**
1. Monitor DNS: Investigate `leakix.org` ties for potential data exfiltration.
2. Restrict Access: Apply firewall rules to block traffic from this IP (via `ipdebrief_actions`).
3. Threat Hunting: Correlate with other IPs in the DigitalOcean subnet for lateral movement.
4. Verify Proxy: Confirm if the VPN proxy is authorized or part of a compromise.
---
Conclusion: This IP is a DigitalOcean cloud host with moderate risk due to historical threat pulses and DNS leaks. While the subnet is clean, the association with leakix.org and proxy activity warrants closer scrutiny.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | n/a |
| CIDR Block | n/a |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
---
**DNS Intelligence**

| Field | Value |
|---|---|
| PTR | a93200c42e.scan.leakix.org |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | a93200c42e.scan.leakix.org |
---
**DNS Hygiene**

| Check | Result |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
---
**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | n/a |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | lighttpd/1.4.59 |
| HTTP Title | n/a |
| SSH Version | SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u7 |
---
**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
---
**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 17 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
**Observation Timeline** (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:48 UTC |
| Last Seen | 2026-06-27 00:42:21 UTC |
| Profile Built | 2026-06-27 14:56:31 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |