# Threat Intelligence Briefing: 142.93.220.184
## Executive Summary
IP 142.93.220.184 operates as a web server infrastructure asset within the DigitalOcean cloud environment (ASN 14061), located in San Francisco, California. Current risk assessment indicates Moderate Risk (Score: 50) with no active threat indicators present in the profile. The IP maintains a DNS registration to appserver.kevalam.net and presents standard web services (HTTP/HTTPS/SSH).
## Ownership & Infrastructure
- Organization: DigitalOcean, LLC
- ASN: 14061 (ARIN Registry)
- Infrastructure Type: CloudCompute
- Geolocation: San Francisco, CA (37.77°N, 122.42°W)
- CIDR Block: 142.93.220.184/32

The IP operates within the 142.93.220.0/24 subnet, which shows low abuse density (0.0) and is classified as "mostly_clean" with only one neighbor IP (142.93.220.169) exhibiting a low risk score of 25.
## Network Services & DNS
- Open Ports: 80/TCP (HTTP), 443/TCP (HTTPS), 22/TCP (SSH)
- Web Server: nginx
- PTR Record: appserver.kevalam.net
- DNSSEC: Valid
- TLS Certificate: Issued by Hestia Control Panel (CN=appserver.kevalam.net, US)

The reverse DNS resolution is confirmed with one forward hostname mapping. No known malicious campaigns or threat feed matches detected.
## Threat Indicators & Reputation
Current threat assessment shows:
- Abuse Confidence Score: Not assigned
- Blacklist Count: 0 (0/8 DNSBL lists)
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No

However, historical observation data from June 2026 indicates the IP has been observed on multiple blacklist listings with maximum severity "high" in one instance. Control plane analysis shows the IP is listed on 2 of 8 DNSBL lists with an operator score of 0.2609 labeled "Basic."
## Relationship Analysis
The IP maintains 82 relationships primarily within the same DigitalOcean network block (DIGITALOCEAN-142-93-0-0). No certificate-based or hostname-based correlations to external malicious entities were identified.
## Risk Timeline
Observation history contains 29 recorded signals over the monitoring period. Key temporal observations include:
- 2026-06-22: Multiple signal observations including blacklist listings (max severity: high)
- 2026-06-19: HTTP response analysis with HSTS headers enabled
- 2026-06-18: DNSSEC validation with basic operator score (0.2609)

The IP shows 0 threat persistence days and is not classified as persistently malicious.
## Recommended Actions
Based on the moderate risk profile (Score: 50) and historical blacklist activity, the following firewall rules are recommended:
| Platform | Configuration |
|---|---|
| iptables | `iptables -A INPUT -s 142.93.220.184 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 142.93.220.184 drop` |
| nginx | `deny 142.93.220.184;` |
| pfSense | `142.93.220.184/32` |
| Cloudflare WAF | Block with expression: `ip.src eq 142.93.220.184` |
| AWS WAF | Add address: `142.93.220.184/32` |

Note: These recommendations are probabilistic and should be combined with additional contextual signals before implementing blocking rules.
## Conclusion
IP 142.93.220.184 represents a cloud-hosted web server with moderate risk characteristics due to historical blacklist associations. While current threat indicators are absent, the combination of blacklist history and DNSBL listings warrants monitoring. The low abuse density in the immediate subnet (142.93.220.0/24) suggests this may be an isolated incident rather than part of a coordinated attack infrastructure.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | appserver.kevalam.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | appserver.kevalam.net |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9 |
## TLS Certificate
CN=appserver.kevalam.net, OU=IT, O=Hestia Control Panel, L=San Francisco, S=California, C=US was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2024-12-13T03:45:31+00:00 |
| Valid Until | 2025-12-13T03:45:31+00:00 (expired) |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 76F01290F354D98DC45435E089CECF5D6CB02A25 |
| Thumbprint | 4FE0A1BE45469778E362F714A743FCB3C607EB3E |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 6 |
| routing | 8% | 1 | 1 |
| services | 25% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:43 UTC |
| Last Seen | 2026-06-26 23:25:14 UTC |
| Profile Built | 2026-06-27 19:39:36 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 34 |