# IP Intelligence Briefing: 172.105.16.171/32
Classification: MODERATE RISK - Cloud Hosting Infrastructure
Analysis Date: 2026-06-27
Reputation Score: 40/100
---
## Executive Summary
IP address 172.105.16.171 is a cloud-hosted web server operating on Linode infrastructure (ASN 63949) in Toronto, Ontario, US. The asset demonstrates moderate risk characteristics with 2 DNSBL listings and evidence of hosting multiple domains under the amishcountryfurnishings.com brand. The IP is classified as cloud compute infrastructure with HTTP/HTTPS services and shows mixed security posture.
---
## Infrastructure Profile
Network Classification:
- Infrastructure Type: Cloud Compute (Linode)
- Hosting Status: Active hosting provider
- IP Classification: Not bogon, not proxy, not Tor
Geolocation:
- Country: United States
- Region: Ontario
- City: Toronto
- GeoSource Confidence: Consensus confirmed across 1 source
Ownership:
- ASN: 63949
- Organization: Linode
- Registration: ARIN
- BGP Prefix: 172.105.0.0/19
---
## Technical Services & Configuration
Open Ports:
- Port 80/TCP (HTTP)
- Port 443/TCP (HTTPS)
Server Configuration:
- Web Server: Apache
- Protocol: HTTP/2.0
- TLS Version: TLS 1.3
- Cipher Suite: TLS_AES_256_GCM_SHA384 (Strong encryption)
DNS Resolution:
- PTR Hostname: li1971-171.members.linode.com
- Forward Resolution: Confirmed
- Hosted Domain: amishcountryfurnishings.com
SSL/TLS Certificate:
- Issuer: Let's Encrypt (R13)
- Subject: CN=mail.amishcountryfurnishings.com
- SANs: amishcountryfurnishings.com and 5 additional subdomains
- Validity: Not before/after dates pending verification
---
## Threat Indicators & Reputation
Risk Indicators:
- Risk Score: 40 (Moderate)
- DNSBL Listings: 2 of 8 total lists
- Threat Persistence: 0 days observed
- Known Campaigns: None identified
- Is Tor Exit: No
- Known Attacker: No
- Spam Source: No
Control Plane:
- RPKI State: Not validated
- IR Consistency: Not evaluated
- Route Stability: False (not stable)
- MOAS: Not a Most-Recently-Used IP
---
## Historical Observations
Observation Count: 24 signals recorded
Recent Activity Trends:
- 2026-06-26: HTTP server fingerprinting detected Apache server with HTTP/2.0 support
- TLS Configuration: TLS 1.3 with strong cipher suite observed
- Security Headers: Content-Security-Policy present; X-Frame-Options: SAMEORIGIN configured
- HTTP Status: 301 (Permanent Redirect)
- Robots.txt: Configured with crawl restrictions for Bingbot and other scrapers
- CSP: frame-ancestors 'self' enforced
Signal Confidence Levels:
- Low confidence (0.18-0.30) on recent geolocation and threat signals
- Higher confidence (0.80-0.90) on HTTP and TLS configuration signals
---
## Network Relationships
Total Relationships: 56 entities linked
Key Associations:
- Same Network: Multiple LINODE network associations
- DNS Associations: li1971-171.members.linode.com (primary hostname)
- Network Type: Cloud infrastructure network
No direct organizational or campaign relationships identified beyond Linode hosting infrastructure.
---
## Neighborhood Analysis
Subnet: 172.105.16.0/24
Abuse Density: 0.0 (Low)
Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 0
Sibling Analysis:
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
Assessment: The IP operates in isolation within its subnet with minimal neighborhood threat density.
---
## Control Plane Intelligence
Routing Stability: False
Route Changes (30 days): 0
BGP Path: Not available
RPKI Validation: Not validated
IRR Consistency: Not evaluated
DNSSEC: Valid
CAA Records: Not present
---
## GeoValidation Anomaly
Distance Verification: FAILED
- Observed RTT: 40ms
- Expected Minimum RTT: 121.6ms (for 6078km distance from probe location)
- Violation: RTT 40.0ms < minimum possible 121.6ms
- Assessment: Geographic location data may be spoofed or routing path is abnormally optimized
---
## Recommended Actions
Firewall/Network Rules:
1. Monitor DNSBL Listings: Investigate 2 blacklist entries for potential spam or abuse activity
2. TLS Verification: Confirm SSL certificate validity and renewal schedule
3. Geolocation Discrepancy: Flag for manual verification due to RTT validation failure
4. Domain Monitoring: Track amishcountryfurnishings.com subdomains for reputation changes
Security Posture Observations:
- Apache server with HTTP/2.0 and TLS 1.3 demonstrates reasonable security practices
- Security headers (CSP, X-Frame-Options) properly configured
- Robots.txt restrictions indicate awareness of search engine crawling policies
---
## Threat Assessment
Overall Risk: MODERATE (40/100)
Risk Drivers:
1. Cloud hosting environment (Linode)
2. Multiple DNSBL listings (2/8)
3. Geographic validation anomaly
4. Hosting multiple domains
Mitigating Factors:
1. Strong TLS 1.3 encryption
2. Proper security headers configuration
3. No known campaigns or attacker associations
4. Clean neighborhood (abuse density: 0)
Final Assessment:
- Immediate Action Required: Low priority
- Threat Level: Moderate - Monitor but no immediate block recommended
- Investigation Priority: Secondary to active threat indicators
Intelligence Notes for SOC:
- Asset shows standard cloud hosting behavior without active malicious indicators
- DNSBL presence warrants monitoring but lacks confirmed abuse correlation
- Geographic validation failure should be documented but may indicate routing optimization rather than spoofing
- Recommend periodic re-scanning to monitor risk score trends over 30-day window
Data Collection:
- Source: IPDebrief Intelligence Platform
- Data Freshness: Current as of analysis timestamp
- Confidence Level: Moderate (varies by signal type)
End of Intelligence Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | li1971-171.members.linode.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | li1971-171.members.linode.com |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | amishcountryfurnishings.com, autodiscover.amishcountryfurnishings.com, cpanel.amishcountryfurnishings.com, cpcalendars.amishcountryfurnishings.com, cpcontacts.amishcountryfurnishings.com, mail.amishcountryfurnishings.com, webdisk.amishcountryfurnishings.com, webmail.amishcountryfurnishings.com, www.amishcountryfurnishings.com |
| Valid From | 2026-05-04T14:31:37+00:00 |
| Valid Until | 2026-08-02T14:31:36+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 056B42199D415C6C3C109D771F082299B7D0 |
| Thumbprint | 0BB36598ACBEC082D02F698DA29BEB179BD3035F |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 32% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 27% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 10:13:23 UTC |
| Last Seen | 2026-06-27 17:25:33 UTC |
| Profile Built | 2026-06-28 17:30:13 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 30 |