207.154.230.149
Intelligence Briefing: IP Address 207.154.230.149/32
Overview:
The IP address 207.154.230.149/32 was observed in a network environment monitored by IPDebrief's intelligence tools. This address was assigned to a specific host within a larger network, primarily used for hosting web services.
Domain and Hosting Information:
- Domain Name: The IP address was associated with multiple domain names, predominantly in the .com and .net top-level domains.
- Hosting Provider: The IP was linked to a well-known web hosting service provider. This provider hosts a variety of websites, including e-commerce platforms and informational sites.
Observation History:
- Traffic Patterns: The IP exhibited typical web server traffic patterns, with significant inbound HTTP and HTTPS traffic during peak hours. This traffic was consistent with legitimate web service operations.
- Geolocation: The IP was geolocated to a data center in the United States, specifically in the region known for hosting large-scale web infrastructure.
Relationships and Network Activity:
- Associated IPs: The IP address 207.154.230.149/32 was part of a subnet that included multiple other IP addresses, all of which were active and shared similar traffic characteristics.
- DNS Queries: DNS queries originating from this IP were directed to various authoritative name servers, indicating dynamic domain resolution activities typical of a content delivery network (CDN) setup.
Neighborhood Data:
- Adjacent IPs: The neighboring IP addresses in the same subnet were also associated with the same hosting provider and exhibited similar web service traffic patterns.
- Network Reputation: The surrounding IP addresses maintained a neutral reputation with no significant indicators of malicious activity. They were part of a larger network segment known for hosting legitimate online services.
Threat Intelligence Summary:
The IP address 207.154.230.149/32 was primarily identified as a legitimate web server used for hosting multiple domains. The observed traffic patterns and network behavior were consistent with standard web service operations. There were no indications of malicious activity or associations with known threat actors. The IP's network environment, including adjacent IPs, maintained a neutral reputation, further supporting its role in legitimate web hosting.
Recommendations for SOC Analysts:
- Monitoring: Continue to monitor traffic patterns for any deviations from established baselines, as these could indicate potential misuse or compromise.
- Anomaly Detection: Implement anomaly detection systems to identify any unusual activity originating from this IP or its neighboring addresses.
- Incident Response: Be prepared to investigate any alerts related to this IP, particularly those involving unexpected data exfiltration or unauthorized access attempts.
This intelligence briefing provides a comprehensive overview of the IP address 207.154.230.149/32, aiding SOC teams in maintaining situational awareness and enhancing network defense strategies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | DigitalOcean, LLC |
| ASN | AS14061 |
| Network Name | β |
| CIDR Block | 207.154.224.0/20 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| 443 | https | tcp | β |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
π TLS Certificate
| SANs | agritosha.comwww.agritosha.com |
| Valid From | 2026-05-20T08:28:29+00:00 |
| Valid Until | 2026-08-18T08:28:28+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 050146BC9A6BC7ADAF03ED08EB350C417CFD |
| Thumbprint | AEE79E1252E199C4ACB75442325217664159C2C1 |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 26% | 2 | 3 |
| ownership | 33% | 3 | 5 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 27% | 12 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:10 UTC |
| Last Seen | 2026-06-27 04:04:27 UTC |
| Profile Built | 2026-06-28 04:11:03 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |
Full dossier details are available via our API.