IP Intelligence Briefing: 206.81.23.216
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: Moderate (55/100)
- Provider: DigitalOcean (ASN 14061)
- Geolocation:
  - Country: United States (US) / Germany (DE) [Inconsistent]
  - City: Frankfurt am Main, Hesse
  - Coordinates: Latitude 50.1169, Longitude 8.6837
- Network Role: Cloud Compute (DigitalOcean)
- Threat Indicators:
  - No direct malware/campaign links.
  - DNSBL Listings: Flagged by 3/8 blacklists (low-severity).
  - BGP Stability: Route instability detected (unstable routing).
---
**2. Observation History**
- First Seen: 2026-06-01
- Key Trends:
  - Geolocation Discrepancy: Confirmed as Germany (DE) but assigned US country code.
  - DNSSEC Valid: True, but DNSBL listings suggest potential spam or abuse activity.
  - Risk Stability: Minimal risk score (0.13) but inconsistent routing patterns.
---
**3. Network Relationships**
- Parent Network: `DIGITALOCEAN-206-81-0-0` (CIDR: 206.81.0.0/19)
- Subnet: 206.81.23.216/24
- Neighbors:
  - High-Risk Neighbor: 206.81.23.7 (riskScore: 40).
  - Subnet Abuse Density: 0.5 (mostly clean).
---
**4. Actionable Insights**
- SOC Recommendations:
  - Monitor for unusual outbound traffic, especially to DNSBL-listed domains.
  - Validate geolocation data for potential spoofing or misconfigurations.
  - Review DigitalOcean security settings to restrict unnecessary access.
  - Investigate routing instability (BGP) for potential network compromise.
- Firewall Rules (Example):
  - Block traffic from 206.81.23.7 (high-risk neighbor).
  - Apply strict access controls to the DigitalOcean subnet.
---
Conclusion:
This IP is a legitimate DigitalOcean cloud instance with moderate risk. While no direct malicious activity is detected, DNSBL flags and geolocation anomalies warrant further investigation. Prioritize monitoring for lateral movement or misconfigured services.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | DIGITALOCEAN-206-81-0-0 |
| CIDR Block | 206.81.0.0/19 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-25 12:42:17 UTC |
| Last Seen | 2026-06-29 01:38:55 UTC |
| Profile Built | 2026-06-29 01:57:35 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 21 |