206.189.2.13

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target: 206.189.2.13/32

Classification: Low Risk / Cloud Infrastructure

Date: 2026-06-23

## EXECUTIVE SUMMARY

IP 206.189.2.13 is a DigitalOcean cloud compute instance located in Amsterdam, Netherlands (NL), operating as a multi-service host with minimal threat indicators. Risk score: 25/100. No active malicious campaigns detected.

## INFRASTRUCTURE PROFILE

Organization: DigitalOcean, LLC (ASN: 14061)
Geolocation: Amsterdam, North Holland, NL (52.13°N, 5.29°E)
Infrastructure Type: CloudCompute / Hosting
Control Plane: BGP prefix 206.189.0.0/20, route stable (30-day route changes: 0)
Service Purpose: Multi-Service Host

## NETWORK SERVICES

Open Ports: TCP/80 (HTTP), TCP/22 (SSH)
Server Banner: lighttpd/1.4.59
SSH Version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u6
TLS Certificate: Not configured
HTTP Status: 200 OK

## DNS & IDENTIFICATION

PTR Hostname: fb65c10da2.scan.leakix.org
Resolved Domain: leakix.org
DNSBL Status: 1 listing out of 8 total blacklists
Email Auth: SPF configured, DMARC configured

## THREAT INDICATORS

Risk Score: 25 (Low Risk)
Abuse Confidence: Not applicable
Known Attacker: False
Spam Source: False
Tor Exit: False
Campaign Associations: None detected
Cert Matches: 0
Correlated IPs: 0

## NEIGHBORHOOD ANALYSIS

Subnet: 206.189.2.13/24
Abuse Density: 1
Classification: Mostly Clean
Sibling IPs: 1 active sibling, 1 threat sibling identified
Inherited Risk: 2

## OBSERVATION HISTORY

Total Observations: 27

Key temporal signals:

2026-06-23: Geo validation confirmed (RTT avg: 103.6ms, distance: 114.5km); DNSBL listing activity observed
2026-06-19: Port scanning activity (ports 80, 22 scanned); Server fingerprinting confirmed (lighttpd/1.4.59); Subnet abuse density assessed as 1
Threat Persistence: 0 days; Not persistently malicious

## RELATIONSHIP GRAPH

Total Relationships: 44
Primary Associations: Same Network (DIGITALOCEAN-206-189-0-0)
DNS Associations: leakix.org hostname resolved
Network Classifications: Multiple DigitalOcean network references

## RECOMMENDED ACTIONS

Based on risk profile and threat indicators:

1. Monitoring: No immediate blocking required. IP classified as low risk.

2. Allow Rules: Permitted for standard traffic if organizational policy allows DigitalOcean cloud traffic.

3. Firewall: No specific iptables/nftables rules recommended.

4. WAF: No WAF blocking rules required.

5. Threat Hunting: Monitor for anomalous behavior patterns consistent with cloud hosting abuse.

## CONCLUSION

IP 206.189.2.13 represents a standard DigitalOcean cloud infrastructure asset with no significant threat indicators. The single DNSBL listing and presence of 1 threat sibling in the /24 subnet warrant situational awareness but do not justify blocking. Treat as low-risk cloud infrastructure; standard monitoring applies.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇳🇱 Netherlands
Region	North Holland
City	Amsterdam
Timezone	Europe/Amsterdam
Latitude	52.13
Longitude	5.29

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	206.189.0.0/20
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	fb65c10da2.scan.leakix.org
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`fb65c10da2.scan.leakix.org`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Multi-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u6
Closed Ports	25, 443, 3389, 8080, 8443 (2 open / 7 scanned)

Server	lighttpd/1.4.59
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u6

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	24%	2	3
services	30%	2	3
ownership	35%	3	5
reputation	28%	1	3
geolocation	35%	2	3
Overall	31%	12	21

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:10 UTC
Last Seen	2026-06-27 04:00:56 UTC
Profile Built	2026-06-27 22:07:32 UTC
Data Freshness	Live
Signal Types	26
Total Observations	33

🔍 26 signal types · 33 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

206.189.2.13📋 Copy