# IP Intelligence Briefing: 80.240.128.52/32
Date: 2026-06-26
IP Address: 80.240.128.52
Overall Risk Assessment: Moderate Risk (Score: 40/100)
## Executive Summary
IP 80.240.128.52 operates as a web server within DigitalOcean's Amsterdam infrastructure. The address demonstrates moderate risk characteristics with minimal threat indicators currently observed. The IP resolves to a DigitalOcean cloud instance with standard web services (HTTP/HTTPS) and SSH access. No active malicious campaigns or known attacker associations were identified.
## Technical Profile
Ownership & Network Infrastructure
- ASN: 14061
- Organization: DigitalOcean LLC
- Infrastructure Type: Cloud Compute
- Geolocation: Amsterdam, Netherlands (NL)
- CIDR Block: 80.240.128.0/20
- Network Classification: Cloud Hosting Provider
Services & Network Signatures
- Open Ports: 22 (SSH), 80 (HTTP), 443 (HTTPS)
- Server Fingerprint: Apache/2 (HTTP/1.1)
- TLS Certificate: Self-signed certificate (CN=localhost)
- Reverse DNS: cm15.bitchanger.org
- Forward Resolution: Confirmed (1 host)
Control Plane Data
- DNSBL Listings: 2 of 8 total lists
- Operator Score: 0.2609 (Basic)
- Route Stability: Unstable
- RPKI State: Not validated
## Threat Indicators
Current Threat Profile
- Abuse Confidence Score: Not assigned
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Active Campaigns: None detected
- Blacklist Count: 0
Temporal Analysis
- Observation Count: 23 signals
- Threat Persistence Days: 0
- Ownership Changes: 0
- Is Persistently Malicious: False
- Latest Observation: 2026-06-26T13:10:00Z
Signal History
Recent observations indicate consistent geolocation inference pointing to Netherlands with RTT measurements averaging 109ms (minimum plausible 2.3ms). HTTP fingerprinting confirmed Apache/2 server with status code 200 responses. No significant signal degradation or escalation patterns observed within the observation window.
## Neighborhood Analysis
Subnet Context (80.240.128.0/24)
- Subnet Classification: Mostly Clean
- Abuse Density: 1
- Active Siblings: 1
- Threat Siblings: 1
- Inherited Risk Score: 2
Relationship Graph
- Total Relationships: 59
- Primary Associations: DigitalOcean network infrastructure
- DNS Associations: cm15.bitchanger.org
- Network Affiliations: US-DIGITALOCEANLLC-20081015
## Security Recommendations
Immediate Actions
1. Monitoring: Continue monitoring for SSH (port 22) brute force attempts typical of cloud hosting environments
2. DNSBL Review: Investigate the 2 DNSBL listings to determine listing reasons and potential remediation
3. TLS Validation: Verify self-signed certificate legitimacy if this IP is in your trust chain
Firewall Rules (iptables)
```bash
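# Block DNSBL-listed connections (replace the quoted placeholder with the specific listed range)
iptables -A INPUT -s "<dnsbl-ip-range>" -j DROP
# Allow standard web traffic (these rules accept any source; add -s to restrict to known ranges)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Log new SSH connection attempts for analysis (LOG does not accept or drop the packet)
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j LOG --log-prefix "SSH attempt: "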
```
Additional Considerations
- Geolocation Validation: Geo validation plausible with 5 probe attempts
- Campaign Correlation: No certificate matches or correlated IPs detected
- Bogon Status: Not classified as bogon
- Mobile/Residential: Not mobile or residential traffic
## Conclusion
IP 80.240.128.52 represents a standard DigitalOcean cloud web server with moderate baseline risk. The presence of 2 DNSBL listings warrants investigation, but no active malicious behavior was observed. The subnet shows minimal abuse density with only 1 threat sibling. Recommended approach is continued monitoring rather than immediate blocking, with specific attention to DNSBL resolution and SSH access patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | digitalocean |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | cm15.bitchanger.org |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | cm15.bitchanger.org |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache/2 |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
TLS Certificate
| SANs | None |
| Valid From | 2021-09-24T09:39:42+00:00 |
| Valid Until | 2049-02-08T09:39:42+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 9999 days |
| Serial Number | 00E901178B3E17BB5F |
| Thumbprint | 1CFCE17D0E70029FDB4C458706AFCF6C365AC224 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 6 |
| routing | 8% | 1 | 1 |
| services | 25% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 26% | 10 | 19 |

| Data Coherence | Mixed Signals (68%), 2 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |

TLS certificate claims US but primary geo says NL

Observation Timeline (Live)
| First Seen | 2026-05-11 21:11:33 UTC |
| Last Seen | 2026-06-27 20:16:44 UTC |
| Profile Built | 2026-06-28 14:21:16 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |