INTELLIGENCE BRIEFING: IP 67.55.189.211
Classification: High Risk - Defensive Action Recommended
Date: 2026-06-23
Analyst: IPDebrief Intelligence Team
---
EXECUTIVE SUMMARY
IP 67.55.189.211 presents a high-risk profile (80/100), with listings on 5 of 8 DNSBL feeds. The address is associated with Aureon Network Services (ASN 5056) and is classified as web server infrastructure in San Jose, CA. Despite the provider-level risk classification, the IP shows mixed signals, with 25 historical observations and a minimal operator threat score (0.1304).
OWNERSHIP & GEOLOCATION
- ASN: 5056 - Aureon Network Services
- Network: 67.55.128.0/17 (AUREON-BLK12)
- Location: San Jose, California, United States
- RIR: ARIN
- Geographic Consensus: Validated across multiple sources
SERVICE FINGERPRINT
- Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH)
- Web Server: lighttpd/1.4.54
- SSH Banner: dropbear with curve25519 key exchange
- TLS Certificate: Issued to UBNT-F4:E2:C6:94:F4:A8 (Ubiquiti Networks Inc., San Jose, CA)
- PTR Record: wllk99-129-211.dsl.netins.net
THREAT INDICATORS
- Risk Score: 80/100 (High)
- DNSBL Listings: 5 of 8 total blacklists
- Abuse Confidence: Not explicitly quantified but elevated by blacklist activity
- Known Campaigns: None detected
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
CONTROL PLANE ANALYSIS
- BGP Prefix: 67.55.128.0/17
- Route Stability: Unstable (isRouteStable: false)
- Route Changes (30d): 0
- MOAS Detection: No
- RPKI State: Not configured
- DNSSEC: Valid
HISTORICAL OBSERVATION TRENDS
- Total Observations: 25
- Recent Activity: June 2026 timeframe observations recorded
- Threat Persistence: 0 days
- Ownership Changes: 0
- Signal Evolution: Multiple observation types including DNSBL listings, HTTP response analysis, geolocation inference, and control plane metrics
NEIGHBORHOOD CONTEXT
- Subnet: 67.55.189.211/24
- Abuse Density: 0 (Low)
- Classification: Mostly clean
- Active Siblings: 1
- Threat Siblings: 1
- Inherited Risk: 2/100
ENTITY RELATIONSHIPS
- Total Relationships: 56
- Primary Association: Multiple Same Network relationships to AUREON-BLK12
- Related Entities: Networks, hostnames, organizations identified through relationship graph
---
RECOMMENDED ACTIONS
IMMEDIATE (Critical Severity):
1. Block at Perimeter: Implement firewall rules to block inbound traffic from 67.55.189.211
2. Increase Logging: Enable verbose logging for all traffic sessions involving this IP
3. Review Recent Activity: Audit logs for any outbound connections initiated to this address
IMPLEMENTATION RULES:
- iptables: `iptables -A INPUT -s 67.55.189.211 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 67.55.189.211 drop`
- Nginx: `deny 67.55.189.211;`
- Cloudflare WAF: Block IP with expression `ip.src eq 67.55.189.211`
- AWS WAF: Add 67.55.189.211/32 to IPSet and associate with block action
---
ASSESSMENT NOTES
While the IP demonstrates high-risk characteristics through DNSBL listing activity, the neighborhood context shows low abuse density within the /24 subnet. The Ubiquiti TLS certificate suggests this may be residential or small business infrastructure rather than enterprise hosting. Route instability in the BGP prefix warrants monitoring but does not confirm malicious intent. SOC teams should treat the IP as high-risk and apply blocking controls while maintaining awareness of the minimal operator threat score.
CONFIDENCE LEVEL: Moderate - Multiple data sources support risk classification; historical consistency suggests persistent behavior pattern.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Aureon Network Services |
| ASN | AS5056 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | wllk99-129-211.dsl.netins.net |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | wllk99-129-211.dsl.netins.net |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown - Insufficient routing data to classify |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | lighttpd/1.4.54 |
| HTTP Title | - |
| SSH Version | SSH-2.0-dropbear; key exchange list: curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-grou [truncated] |
TLS Certificate
| SANs | UBNT-F4:E2:C6:94:F4:A8 |
| Valid From | 2019-01-01T00:00:00+00:00 |
| Valid Until | 2038-01-01T00:00:00+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 6940 days |
| Serial Number | 36312C2F |
| Thumbprint | 893DAB15A0935EC4A6CE3315FBA95891AA277499 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 37% | 2 | 5 |
| ownership | 20% | 2 | 3 |
| reputation | 21% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 23% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:33 UTC |
| Last Seen | 2026-06-26 14:31:58 UTC |
| Profile Built | 2026-06-23 20:45:04 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 25 |