172.105.157.220
IP Intelligence Briefing: 172.105.157.220
Date: 2026-06-15
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Provider: Linode (Cloud Hosting)
- Geolocation: Registered to Atlanta, GA, US (but geo-validation flags inconsistency between claimed location and observed RTT).
- Network Role: Cloud Compute (Single-Service Host)
- Services: Open SSH (port 22) with banner "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15".
- Ownership: ASN 63949 (Linode), no abuse reports.
---
**2. Threat & Risk Indicators**
- Threat Status: No active indicators (no malware, spam, or known attacker associations).
- Historical Observations (Last 30 Days):
- Listed in 2 threat feeds (high severity).
- DNSSEC valid, but DNSBL listed in 1 of 8 checks.
- Geo-validation violation: RTT (37ms) inconsistent with claimed distance (7,165km).
- Subnet Abuse Density: 1/256 IPs in 172.105.157.0/24 are flagged as risky.
---
**3. Relationships & Neighbors**
- Connected Entities:
- DNS: `172-105-157-220.ip.linodeusercontent.com` (Linode-hosted).
- Subnet: 172.105.157.0/24 (Linode network).
- Neighbor Risk:
- 1 neighbor (172.105.157.44) has a risk score of 25 (low).
- Subnet abuse density: 0.4% (mostly clean).
---
**4. Recommended Actions**
- Monitoring: Investigate geo-validation inconsistency and historical threat feed listings.
- Mitigation:
- Block the IP via firewall rules (see below).
- Monitor associated subnet for lateral movement.
- Tools:
- iptables: `iptables -A INPUT -s 172.105.157.220 -j DROP`
- Cloudflare WAF: Block IP with rule `ip.src eq 172.105.157.220`.
---
**5. Summary**
This Linode-hosted IP is not currently malicious but shows inconsistent geolocation and historical threat feed activity. While the risk is moderate, the subnet has low abuse density. Block the IP as a precaution and monitor for anomalies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 172-105-157-220.ip.linodeusercontent.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | 172-105-157-220.ip.linodeusercontent.com |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-17 21:14:31 UTC |
| Last Seen | 2026-06-28 05:44:56 UTC |
| Profile Built | 2026-06-28 23:49:57 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.