IP Intelligence Briefing: 168.144.95.137
*Last Updated: 2026-06-14*
---
**1. Core Profile**
- Risk Score: Moderate (50/100) | Provider: DigitalOcean
- Geolocation:
  - Country: US (reported) / India (geolocation data)
  - Region: Karnataka, City: Bengaluru
- Network Role: CloudCompute (DigitalOcean) | Hosting: Yes
- Services:
  - Open Ports: HTTP (80), HTTPS (443), SSH (22)
  - TLS Certificate: Valid (Let's Encrypt), SAN: `wmsapi.stackerbee.com`
  - Server Banner: `nginx`
---
**2. Threat Indicators**
- Current Threats: None detected (no malware, phishing, or exploit indicators).
- Historical Signals:
  - 2026-06-14: Minimal risk (operator score 0.2174), but 3/8 signals flagged as "threat" with 35+ pulse counts (potential misconfigurations).
  - 2026-06-12: Similar minimal risk profile.
---
**3. Network Relationships**
- Subnet: `168.144.95.137/24`
- Neighbors:
  - 168.144.95.207: Risk score 25 (low), authority score 50.
- Subnet Abuse Density: 0% (mostly clean).
---
**4. DNS & Security Configuration**
- DNS:
  - SPF: Valid, DMARC: Not configured.
  - No public email authentication records.
- TLS: Valid certificate with no self-signed flags.
- HTTP: Server banner `nginx`, status code 404 (likely misconfigured or non-existent page).
---
**5. Recommendations**
- Monitor: Track historical "threat" signals for potential misconfigurations.
- DNS: Enable DMARC to mitigate email spoofing risks.
- Server Hardening: Verify SSH configurations and ensure HTTP services are properly secured.
- Neighbor Analysis: Investigate `168.144.95.207` for potential lateral movement risks.
---
Conclusion: This IP is a legitimate DigitalOcean cloud server with no active malicious indicators. However, historical signals suggest past misconfigurations. SOC teams should focus on securing services and monitoring for anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

**DNS Intelligence**

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |

**DNS Hygiene**

| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |

**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |

**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |

**TLS Certificate**

| Field | Value |
|---|---|
| SANs | wmsapi.stackerbee.com |
| Valid From | 2026-05-04T07:43:17+00:00 |
| Valid Until | 2026-08-02T07:43:16+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 058E50E236C3A43C7BC6F7576C71913075C8 |
| Thumbprint | EB4EA8DEE9FE789D58CC1C4761F2302EB10F01E3 |

**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 23% | 2 | 4 |
| ownership | 17% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

**Observation Timeline**

| Field | Value |
|---|---|
| First Seen | 2026-05-12 15:46:59 UTC |
| Last Seen | 2026-06-27 21:36:17 UTC |
| Profile Built | 2026-06-28 15:40:50 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |