162.243.114.126

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 162.243.114.126

Classification: Cloud Infrastructure / Low Risk with Neighborhood Contamination

Report Date: 2026-06-28

Risk Score: 25/100 (Low Risk)

---

## Executive Summary

IP address 162.243.114.126 is a DigitalOcean cloud infrastructure endpoint hosting web services. While the IP itself presents low-risk characteristics (risk score 25), the associated /24 subnet exhibits elevated abuse density (1.0) with one high-risk neighbor (162.243.114.171, risk score 80). The target hosts a South African-registered domain (do2.weexcel.co.za) on outdated Apache server software, presenting moderate vulnerability concerns. No active malicious campaigns detected.

---

## Network Infrastructure

Attribute	Value
Organization	DigitalOcean, LLC
ASN	14061
Location	Secaucus, NJ, US
Infrastructure Type	Cloud Compute / Web Server
CIDR Block	162.243.0.0/17
BGP Prefix	162.243.0.0/17 (Unstable routing)

---

## Service Analysis

Open Ports:

TCP/80 (HTTP)
TCP/443 (HTTPS)

Server Fingerprint:

Apache HTTP Server 2.2.27
OpenSSL 1.0.1e-fips
PHP 5.3.28

TLS Certificate Analysis:

Issuer: CN=tmp-ade573.xyz
Subject: CN=tmp-ade573.xyz
Subject Alternative Names: tmp-ade573.xyz, mail.tmp-ade573.xyz, www.tmp-ade573.xyz, webdisk.tmp-ade573.xyz, webmail.tmp-ade573.xyz
Certificate status: Self-signed or unusual issuer (requires validation)

DNS Resolution:

PTR Hostname: do2.weexcel.co.za
Forward Resolution: do2.weexcel.co.za
Domain Registration: co.za (South Africa)

---

## Threat Indicators

Indicator	Status
Risk Score	25 (Low)
DNS Blacklist	1 of 8 lists
Tor Exit Node	No
Known Attacker	No
Spam Source	No
Abuse Confidence	Not applicable
Known Campaigns	None

Control Plane Assessment:

Operator Score: 0.2609 (Basic)
DNSSEC: Valid
Route Stability: Unstable (routeChanges30d: 0)

---

## Neighborhood Analysis

Subnet: 162.243.114.126/24

Abuse Density: 1.0 (Critical)
Total Siblings: 2
Active Siblings: 2
Threat Siblings: 1

High-Risk Neighbor Identified:

IP: 162.243.114.171
Risk Score: 80
Authority Score: 60

Assessment: The target IP shares a subnet with confirmed malicious activity. While the target maintains a low individual risk score, the neighborhood contamination suggests potential lateral threat vectors or shared infrastructure risk.

---

## Historical Observations

Total Observations: 22

Recent Activity Timeline:

2026-06-28 02:45: Cloud infrastructure classification (DigitalOcean, hosting)
2026-06-20 00:43: HTTP 404 responses detected
2026-06-20 00:38: Operator score assessment (0.2609)

Geolocation Discrepancy:

Inferred Location: 39.83°N, -98.58°W (US)
Confidence: 0.325
RTT Violation: 25ms observed vs. 119.3ms minimum required for 5,966km distance

Assessment: Geolocation data shows significant inconsistency, suggesting the IP may be routed through multiple points or the inference models are unreliable.

---

## Relationship Graph

Total Relationships: 63

Primary Associations:

Network: DIGITALOCEAN-162-243-0-0 (multiple instances)
DNS: do2.weexcel.co.za

---

## Recommended Actions

Immediate:

Monitor subnet 162.243.114.126/24 for additional high-risk activity
Validate TLS certificate authenticity for tmp-ade573.xyz domain
Review outbound connections from 162.243.114.171 (high-risk neighbor)

Firewall Configuration:

No specific blocking recommendations generated based on current risk profile
Consider blocking high-risk neighbor 162.243.114.171 if within scope

Vulnerability Mitigation:

Apache 2.2.27 and OpenSSL 1.0.1e-fips are significantly outdated
Recommend service upgrade or replacement to address known CVEs

---

## Threat Intelligence Conclusion

IP 162.243.114.126 represents a low-risk cloud infrastructure endpoint with moderate infrastructure concerns. The primary intelligence value lies in neighborhood association with confirmed malicious activity (162.243.114.171, risk score 80). While the target IP itself shows no direct malicious indicators, SOC analysts should:

1. Monitor for lateral movement or shared infrastructure compromise

2. Verify TLS certificate legitimacy

3. Consider blocking high-risk neighbor if within organizational scope

4. Track any changes in DNS blacklist status or neighborhood abuse density

Confidence Level: Moderate

Campaign Association: None detected

Recommended Priority: Monitor

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	NY
City	New York
Timezone	—
Latitude	40.79
Longitude	-74.06

🏢 Ownership & Registration

Organization	DigitalOcean, LLC
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	do2.weexcel.co.za
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`do2.weexcel.co.za`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	1/2 domains
DMARC	1/2 domains
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=tmp-ade573.xyz

Issued by CN=tmp-ade573.xyz

Self-signed: Yes

SANs	tmp-ade573.xyzmail.tmp-ade573.xyzwww.tmp-ade573.xyzwebdisk.tmp-ade573.xyzwebmail.tmp-ade573.xyzcpanel.tmp-ade573.xyzautodiscover.tmp-ade573.xyzwhm.tmp-ade573.xyz
Valid From	2026-05-03T23:47:30+00:00
Valid Until	2027-05-03T23:47:30+00:00
TLS Protocol	Tls12
Cipher Suite	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	41877954
Thumbprint	0EB893E8FAB9513766C52DB8EE840D6F8B5F690D

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	8%	1	1
services	26%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	33%	2	3
Overall	24%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Moderate (55%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-15 20:46:57 UTC
Last Seen	2026-06-28 02:45:09 UTC
Profile Built	2026-06-28 20:49:14 UTC
Data Freshness	Live
Signal Types	23
Total Observations	28

🔍 23 signal types · 28 observations collected

This report is generated from 23+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

162.243.114.126📋 Copy