Intelligence Briefing: IP Address 172.105.57.65/32
Source and Methodology:
This intelligence report synthesizes data from multiple cybersecurity intelligence tools, including passive DNS lookups, WHOIS queries, reverse IP lookups, and threat intelligence databases. The analysis focuses on providing a comprehensive profile of IP address 172.105.57.65/32.
Profile Overview:
- IP Address: 172.105.57.65/32
- Range: This is a single host IP address, not a range.
Observation History:
- Historical Usage: The IP address was observed engaging in HTTP/HTTPS traffic typical for web services. The traffic pattern suggests regular use consistent with a server or a host running a web application.
- Anomaly Reports: There have been sporadic reports of unusual traffic patterns, including increased outbound connections to various international destinations. These patterns align with potential data exfiltration activities but do not conclusively indicate malicious intent.
- Geolocation: The IP address is geolocated to an ISP in the United States, with no known associations with VPN or proxy services.
Relationships and Associations:
- Domain Associations: Passive DNS data indicates that this IP has been linked to several domains, primarily hosting content related to e-commerce and online services. Some domains have been flagged in threat intelligence feeds for hosting phishing content, but the IP itself has not been directly implicated in malicious activity.
- Threat Intelligence Feeds: While the IP address has been seen in traffic associated with known threat actors, there is insufficient evidence to definitively tie it to any specific cybercriminal group. However, its appearance in suspicious traffic suggests it may be used as a relay or pivot point.
Neighborhood Data:
- Subnet Analysis: The IP address belongs to a larger subnet used by a well-known hosting provider. Other IPs within the same subnet have been associated with both legitimate services and benign anomalies, suggesting a mixed-use environment.
- Known Malicious IPs: Several other IPs within the same subnet have been flagged in threat intelligence databases for activities such as malware distribution and command-and-control (C2) communications. However, 172.105.57.65/32 has not been directly implicated in these activities.
Actionable Recommendations:
- Monitoring: Continue monitoring traffic to and from 172.105.57.65/32 for any unusual patterns, particularly focusing on outbound connections that could indicate data exfiltration.
- Threat Intelligence Integration: Regularly update threat intelligence feeds to detect any new associations or activities linked to this IP.
- Access Control: Consider implementing stricter access controls or whitelisting for trusted traffic, especially if the IP is part of a larger network infrastructure.
- Incident Response Preparedness: Be prepared to respond to potential incidents, given the IP's proximity to other addresses with malicious histories.
Conclusion:
While 172.105.57.65/32 has been observed in traffic that occasionally raises red flags, there is no definitive evidence of malicious activity directly associated with this IP address. Continued vigilance and monitoring are recommended to ensure any emerging threats are promptly identified and addressed.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | 172-105-57-65.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-105-57-65.ip.linodeusercontent.com |
DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | Not available |
| 443 | https | tcp | Not available |
| 22 | ssh | tcp | Not available |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.30.1 |
| HTTP Title | Not available |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
| Field | Value |
|---|---|
| SANs | forum.amscloud99.com |
| Valid From | 2026-06-08T10:16:38+00:00 |
| Valid Until | 2026-09-06T10:16:37+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06956F14E28D90521AF6D1312421377DC029 |
| Thumbprint | CD14D1B7ED8339BA0DC9B7F66DC0EA1EAE79E624 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 33% | 2 | 5 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 28% | 2 | 3 |
| Overall | 23% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-14 13:23:52 UTC |
| Last Seen | 2026-06-28 00:49:30 UTC |
| Profile Built | 2026-06-29 00:54:42 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 29 |