104.168.159.150

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# Intelligence Briefing: 104.168.159.150

## Executive Summary

IP 104.168.159.150 is a low-risk hosting infrastructure address operated by Hostwinds (ASN 54290). The IP resolves to a web hosting environment serving geturbooking.com with standard web services and no active threat indicators.

## Profile Overview

Risk Score: 25 (Low Risk)
Provider: Hostwinds (Infrastructure: Colocation Hosting)
Reputation: Low Risk
Classification: Web Server / Hosting
Country: United States

## Technical Details

Network Block: 104.168.128.0/17
PTR Record: hwsrv-1327114.hostwindsdns.com
DNS Status: Forward confirmed (hostwindsdns.com)
Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
Web Server: nginx/1.24.0 (Ubuntu)
TLS Certificate: CN=geturbooking.com, O=Let's Encrypt, C=US

## DNS and Security Configuration

HSTS: Enabled
CSP: Enabled
HTTP/2: Enabled
DNSSEC: Valid
Email Auth: No SPF or DMARC records configured
DNSBL Status: Listed on 1 of 8 blacklists (dnsblListedCount: 1)

## Threat Assessment

Known Attacker: No
Tor Exit Node: No
Spam Source: No
Vulnerable/Abuse Indicators: None detected
Campaign Correlation: No associated campaigns
Blacklist Count: 0 (active blacklists)

## Historical Analysis

Analysis of 22 observations indicates stable operational patterns:

Recent Signals (June 2026): DNS associations with geturbooking.com and hostwindsdns.com
Provider Consistency: Hostwinds identification maintained across observations
Operator Score: 0.2609 (Basic classification)
Threat Persistence: 0 days (not persistently malicious)
Ownership Changes: 0 recorded

## Relationship Graph

The IP maintains associations with:

DNS Hostname: hwsrv-1327114.hostwindsdns.com (multiple entries)
Network: HOSTWINDS-17-7

## Subnet Neighborhood Analysis

Subnet: 104.168.159.150/24
Abuse Density: 1 (low)
Classification: mostly_clean
Active Siblings: 1
Threat Siblings: 1
High-Risk Neighbors: 0

## Recommended Actions

Based on risk score of 25 and absence of active threat indicators, no immediate blocking or mitigation actions are recommended. The IP represents a standard commercial hosting environment with expected security controls in place.

## Intelligence Narrative

The target IP 104.168.159.150 operates as a commercial web hosting service within a colocation infrastructure environment. DNS records confirm association with the geturbooking.com domain, serviced through Hostwinds hosting. The IP exhibits standard web server behavior with nginx serving HTTP/HTTPS traffic and SSH access configured. No malicious activity, known attacker patterns, or campaign correlations were identified in the observation history. The subnet demonstrates low abuse density with minimal threat sibling presence. While one DNSBL listing exists, it does not correlate with active threat indicators. The infrastructure maintains stable operational characteristics with no evidence of malicious repurposing.

Risk Level: LOW

Recommended Handling: Monitor as standard infrastructure

Priority: LOW

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	—
City	—
Timezone	—
Latitude	37.75
Longitude	-97.82

🏢 Ownership & Registration

Organization	HostPapa
ASN	AS54290
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	hwsrv-1327114.hostwindsdns.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`hwsrv-1327114.hostwindsdns.com`

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	0/2 domains
DMARC	0/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

Hosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 3389, 8080, 8443 (3 open / 7 scanned)

Server	nginx/1.24.0 (Ubuntu)
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=geturbooking.com

Issued by CN=YE2, O=Let's Encrypt, C=US

Self-signed: No

SANs	geturbooking.comwww.geturbooking.com
Valid From	2026-06-06T21:33:53+00:00
Valid Until	2026-09-04T21:33:52+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384ECDSA
Validity Period	89 days
Serial Number	05B67908F96C8873EABB95CA3702AECA26EC
Thumbprint	472ED20AE16A97BB40E94AA0DCB46F8948EE8301

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	8%	1	1
services	30%	2	3
ownership	24%	2	3
reputation	26%	1	3
geolocation	19%	2	2
Overall	23%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-15 08:42:42 UTC
Last Seen	2026-06-28 01:57:15 UTC
Profile Built	2026-06-28 20:03:32 UTC
Data Freshness	Live
Signal Types	21
Total Observations	25

🔍 21 signal types · 25 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

104.168.159.150📋 Copy