167.71.175.236
# IP INTELLIGENCE BRIEFING
Target: 167.71.175.236/32
Classification: Cloud Infrastructure Endpoint
Risk Level: Moderate Risk (Score: 50/100)
Report Generated: 2026-06-18
---
## EXECUTIVE SUMMARY
The IP address 167.71.175.236 is a DigitalOcean cloud compute instance operating from New Jersey, US. The endpoint demonstrates moderate risk characteristics with active DNSBL listings and associated hostname infrastructure. The IP resolves to a scan infrastructure domain (leakix.org) and maintains minimal threat indicators within its /24 neighborhood.
---
## OWNERSHIP AND INFRASTRUCTURE
- Organization: DigitalOcean, LLC (ASN: 14061)
- Network: DIGITALOCEAN-167-71-0-0
- Geolocation: United States, New Jersey, Clifton
- Infrastructure Type: CloudCompute
- Control Plane: Origin ASN 14061, BGP prefix 167.71.160.0/20
- Stability Status: Route stability flagged as false with no recent route changes (0 events/30 days)
---
## NETWORK SERVICES AND FINGERPRINTING
The endpoint operates standard web and administrative services:
- Port 80/tcp (HTTP): Served by lighttpd/1.4.59, HTTP/1.1
- Port 22/tcp (SSH): OpenSSH_8.4p1 Debian-5+deb11u7
- TLS Certificate: None detected
- Server Banner: lighttpd/1.4.59
- Status Code: 200
- Response Time: 53ms average
---
## DNS AND RESOLUTION PROFILE
- Reverse DNS (PTR): ca7e79b6df.scan.leakix.org
- Forward Resolution: Confirmed to same hostname
- DNSSEC: Valid
- Email Authentication: SPF and DMARC records present
- DNSBL Status: Listed on 2 of 8 threat feeds
- Operator Score: 0.2609 (Basic classification)
---
## THREAT INDICATORS
- Threat Indicators: None detected
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Blacklist Count: 0
- Known Campaigns: None identified
- Campaign Likelihood: None
---
## OBSERVATION HISTORY
The IP generated 25 historical observations with the following temporal patterns:
- Latest Observation: 2026-06-18T23:32:06 UTC
- Historical Signals:
- DNSBL listings detected with high severity on 2026-06-18T23:32:01 UTC (1 of 8 lists)
- Operator score remained consistent at 0.2609 across multiple observations
- Geolocation signals consistently reported US with 35-60% confidence
- Threat Persistence: 0 days
- Ownership Changes: 0
---
## NETWORK RELATIONSHIPS
- Total Relationships: 54
- DNS Associations: ca7e79b6df.scan.leakix.org (multiple entries)
- Network Relationships: DIGITALOCEAN-167-71-0-0 subnet associations
- Organization Links: DigitalOcean, LLC
---
## NEIGHBORHOOD ANALYSIS
Subnet: 167.71.175.236/24
- Abuse Density: 0
- Risk Distribution: High: 0, Medium: 0, Low: 0
- Active Siblings: 1
- Threat Siblings: 1
- Overall Classification: Mostly clean
- Inherited Risk: 2
---
## SECURITY ACTIONS AND RECOMMENDATIONS
Based on the risk profile, the following defensive measures are recommended:
1. DNSBL Monitoring: The IP is listed on 2 DNSBL feeds with 8 total associations. Monitor for escalation to additional blacklists.
2. SSH Access: Port 22 is open with Debian 11 OpenSSH. Implement rate limiting and consider key-based authentication only.
3. Hostname Association: The reverse DNS resolves to a scan infrastructure domain (leakix.org). Verify this is intentional operational infrastructure.
4. Cloud Egress Filtering: As a DigitalOcean cloud instance, implement appropriate egress controls if the endpoint should not communicate externally.
5. Route Stability: The IP is not flagged for route stability. Monitor for any BGP or routing anomalies that could indicate infrastructure manipulation.
---
## RISK ASSESSMENT
The IP address demonstrates moderate risk primarily due to:
- Active DNSBL listings (2/8 feeds)
- Cloud hosting environment (DigitalOcean)
- Association with scan infrastructure hostname
However, the endpoint lacks:
- Known campaign affiliations
- Threat intelligence indicator matches
- High-severity abuse patterns
Recommended Action: Monitor with standard SOC procedures; no immediate blocking recommended absent additional threat indicators.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ca7e79b6df.scan.leakix.org |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ca7e79b6df.scan.leakix.org |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | lighttpd/1.4.59 |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u7 |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 27% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:03:52 UTC |
| Last Seen | 2026-06-27 01:35:42 UTC |
| Profile Built | 2026-06-27 23:43:08 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 30 |
Full dossier details are available via our API.