# IP Intelligence Briefing: 149.102.144.215/32
Date: Current
Classification: Low Risk
Analyst: IPDebrief Intelligence Team
## Executive Summary
IP 149.102.144.215 presents as a low-risk web server infrastructure endpoint with minimal threat indicators. The IP operates as a Contabo-hosted web server within the Cogent Communications network infrastructure. While the endpoint itself shows low risk, the /24 subnet contains one threat-identified sibling IP, warranting monitoring of related addresses.
## Ownership and Infrastructure
- ASN: 51167
- Organization: Cogent Communications, LLC
- Network Provider: Contabo
- BGP Prefix: 149.102.144.0/21
- RIR: ARIN
- Geolocation: US (Portsmouth)
## Network Services
The endpoint exposes three open ports:
- Port 80/tcp: HTTP web server
- Port 443/tcp: HTTPS web server
- Port 22/tcp: SSH (OpenSSH_9.6p1 Ubuntu-3ubuntu13.16)
Web Server Stack:
- Server: Tengine
- TLS Certificate: Let's Encrypt (R12 issuer)
- Certificate Subject: hotspot.lipanet.co.ke
- HTTP/2 enabled
- HSTS header present
## DNS Analysis
- PTR Hostname: lipanet.co.ke
- Forward Resolution: lipanet.co.ke (co.ke domain)
- Email Security: SPF and DMARC records absent
- TXT Records: None detected
## Threat Indicators
- Risk Score: 25 (Low Risk)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Known Campaigns: None
Control Plane Indicators:
- DNSBL Listed: 1 of 8 lists checked
- Operator Score: 0.2609 (Basic)
- Route Stability: False
## Neighborhood Analysis
- Subnet: 149.102.144.0/24
- Abuse Density: 1
- Classification: Mostly clean
- Active Siblings: 1
- Threat Siblings: 1
- Inherited Risk: 2
One adjacent IP in the /24 subnet has been flagged for threat activity.
## Relationship Graph
The IP maintains 45 recorded relationships, primarily:
- DNS associations with lipanet.co.ke
- Network associations with COGENT-149-102-16
## Observation History
- Total Observations: 23
- Threat Persistence Days: 0
- Is Persistently Malicious: No
- Recent Signals: HTTP/2 headers, HSTS present, DNSSEC validation checks
- Last Observed: June 2026
## Security Recommendations
Immediate Actions:
1. Monitor Sibling IPs: The /24 subnet contains one threat-identified sibling IP. Add 149.102.144.0/24 to monitoring watchlist.
2. DNS Security Gap: Verify the SPF and DMARC records for the co.ke domain.
3. SSH Exposure: Port 22 is open. Confirm this is intentional and consider restricting access.
Firewall Rules (Recommended):
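```bash
# Block if SSH should not be accessible (this also cuts off your own SSH session)
iptables -A INPUT -p tcp --dport 22 -j DROP
# Accept packets of established connections so the limit below counts only new ones
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow HTTP/HTTPS with rate limiting on new connections
# (takes effect only if the INPUT policy or a later rule drops the excess)
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 10/min -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 10/min -j ACCEPT
```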
Monitoring Priority: LOW
The endpoint itself does not require immediate blocking. Focus monitoring efforts on the sibling threat IP within the same subnet.
---
Data Sources: IPDebrief Intelligence Platform
Confidence Level: Moderate
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Cogent Communications, LLC |
| ASN | AS51167 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | lipanet.co.ke |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | lipanet.co.ke |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Tengine |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
CN=hotspot.lipanet.co.ke was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | hotspot.lipanet.co.ke |
| Valid From | 2026-03-22T20:35:00+00:00 |
| Valid Until | 2026-06-20T20:34:59+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 06FB5CC3AFCD62EEAA1573D07870DA8F6059 |
| Thumbprint | F49E2F5548DD8493C7E96F60E3EC1760712543A9 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:56:15 UTC |
| Last Seen | 2026-06-28 13:41:09 UTC |
| Profile Built | 2026-06-29 01:43:48 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 26 |