# IP INTELLIGENCE BRIEFING: 206.189.134.35/32
Classification: LOW RISK | Provider: DigitalOcean, LLC | Jurisdiction: India (Bengaluru)
---
## EXECUTIVE SUMMARY
Target IP 206.189.134.35/32 presents a low-risk threat profile with a risk score of 25. The address is associated with DigitalOcean cloud infrastructure and operates in Bengaluru, India. While the IP is currently classified as low-risk, it shows DNSBL listing activity and exhibits some historical threat correlation signals. No active malicious campaigns or known attacker indicators were observed.
---
## NETWORK OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Organization** | DigitalOcean, LLC (ASN 14061) |
| **Geolocation** | Bengaluru, Karnataka, India (IN) |
| **Infrastructure Type** | CloudCompute |
| **Network Role** | Single-Service Host |
| **ISP/Provider** | DigitalOcean |

The IP is provisioned on DigitalOcean's cloud platform within AS14061. The network prefix originates from the 206.189.128.0/20 block. Route stability analysis indicates the prefix has experienced route changes within the past 30 days.
---
## THREAT ASSESSMENT
Current Risk Profile:
- Risk Score: 25/100 (Low Risk)
- Abuse Confidence: Not elevated
- Known Attacker Status: Negative
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0 active lists
- DNSBL Listings: 1 out of 8 total lists
Services Exposed:
- Port 22/tcp (SSH): Open with banner SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
No TLS certificates, HTTP services, or email authentication records (SPF/DMARC) were observed for this address.
---
## OBSERVATION HISTORY ANALYSIS
The IP has been observed across 21 signal events spanning the monitoring period. Key historical indicators include:
- June 15, 2026: Multiple threat-related signals detected with DigitalOcean ASN confirmation and Bengaluru geolocation correlation
- June 20, 2026: Recent observations showing "Minimal" operator score (0.1304) and low confidence threat indicators
- Threat Persistence: 0 days observed; not classified as persistently malicious
- Ownership Stability: No ownership changes detected
Historical data indicates transient threat correlation with 14 pulse matches in earlier observations, though current status shows de-escalation of threat signals.
---
## SUBNET NEIGHBORHOOD ANALYSIS
Subnet: 206.189.134.0/24
- Abuse Density: 1 (low)
- Subnet Classification: Mostly Clean
- Active Siblings: 1
Notable Neighbor:
- 206.189.134.82/32: Risk Score 0 (Low Risk), Authority Score 50
The /24 subnet demonstrates minimal abuse concentration with no high-risk or medium-risk neighbors identified.
---
## RELATIONSHIP GRAPH
The IP maintains 14 relationship links, predominantly "Same Network" associations to the DIGITALOCEAN-206-189-0-0 network prefix. No interconnectivity with external organizations, hostnames, or certificate authorities was identified.
---
## RECOMMENDED ACTIONS
Firewall/Security Configuration:
```bash
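# Minimal blocking recommended - low risk profile
# Consider monitoring if threat correlation increases
# Allow SSH with rate limiting: record each new connection per source, then
# drop a source that opens 5 or more new connections within 60 seconds.
# (--update only matches sources already in the list, so a --set rule must come first.)
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name ssh_limit --set
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name ssh_limit --update --seconds 60 --hitcount 5 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Log inbound DNS-over-TCP (port 53) connections; this does not report DNSBL listing changes
iptables -A INPUT -p tcp --dport 53 -j LOG --log-prefix "DNSBL_CHECK: "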
```
SOC Monitoring Priorities:
1. Monitor for escalation in DNSBL listings
2. Track SSH connection patterns for brute force attempts
3. Correlate with DigitalOcean abuse feeds for network-wide campaigns
4. Review if route instability correlates with security incidents
---
## CONCLUSION
IP 206.189.134.35/32 is a legitimate cloud infrastructure endpoint on DigitalOcean with low-risk characteristics. While DNSBL listing activity warrants monitoring, the overall threat profile does not indicate active malicious use. SOC analysts should maintain routine observation rather than immediate blocking, with escalation triggers for increased threat correlation or DNSBL proliferation.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 21% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-19 03:35:49 UTC |
| Last Seen | 2026-06-28 08:24:13 UTC |
| Profile Built | 2026-06-29 02:28:22 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |