65.20.137.173
IP Intelligence Briefing: 65.20.137.173
Date: 2026-06-10
---
**1. Core Risk Profile**
- Risk Score: 80 (High Risk)
- Network Role: Web Server (HTTP/HTTPS/SSH)
- Geolocation:
- Country: UAE (AE)
- City: Baghdad (note: geolocation discrepancy; city data may be outdated or inaccurate)
- Coordinates: 23.42°N, 53.85°E
- Timezone: Asia/Dubai
- Ownership:
- ASN: 203214
- Organization: ae-earthlink-dmcc-1-mnt (ARIN registry)
- Abuse Contact: Available via RDAP
---
**2. Threat Indicators**
- DNSBL Listings (4/8):
- Flagged on 4 out of 8 DNSBLs (confidence: 0.85).
- Lists include: [nested data omitted] (high-severity entries).
- Network Activity:
- Open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH).
- SSH banner: `SSH-2.0-dropbear` (lightweight server, sometimes used in low-security setups).
- No TLS certificate detected.
---
**3. Observation History**
- Recent Activity (Last 30 Days):
- June 9, 2026: Connection failure attempt (confidence: 0.30).
- June 3, 2026:
- 4 DNSBL listings (high-severity threats).
- Subnet abuse density: 66.67% (mostly clean, but 2/3 siblings flagged).
- No persistent malicious behavior detected.
---
**4. Network Relationships**
- Same Network: Linked to AE-EARTHLINK-DMCC-20010129 (same ASN, likely internal network).
- Neighbors (65.20.137.0/24):
- 65.20.137.75: Risk score 40 (low-medium risk).
- 65.20.137.232: Risk score 55 (medium risk).
- Subnet abuse density: 0% (clean, but IP itself is high risk).
---
**5. Recommendations**
- Block/Restrict:
- Block the IP in firewalls (iptables/nftables/Cloudflare WAF).
- Monitor SSH access logs for brute-force attempts.
- Investigate:
- Verify geolocation accuracy (Baghdad, Iraq vs. UAE).
- Check DNSBL listings for specific threat indicators (e.g., phishing, malware distribution).
- Network Segmentation:
- Isolate the subnet (65.20.137.0/24) if it contains high-risk IPs.
---
Note: This IP is flagged as high-risk due to DNSBL listings and open services. Verify if it belongs to a legitimate organization (ae-earthlink-dmcc) or a malicious actor. Further analysis of the SSH service and DNSBL context is recommended.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | ae-earthlink-dmcc-1-mnt |
| ASN | AS203214 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | lighttpd/1.4.39 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-dropbear <??#S??0???x?I?m?curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-gro |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 21% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 32% | 2 | 3 |
| Overall | 22% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:32 UTC |
| Last Seen | 2026-06-23 20:00:20 UTC |
| Profile Built | 2026-06-23 20:17:27 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 26 |
Full dossier details are available via our API.