IP Intelligence Briefing: 85.159.210.225
Date: 2026-06-08
---
**1. Risk Profile**
- Overall Risk Score: 25 (Low Risk)
- Provider: Linode (ASN 63949)
- Geolocation: London, England (GB)
- Network Role: CloudCompute (Linode-hosted, no open ports)
- Threat Indicators: No malicious activity, no blacklists, no known campaigns.
---
**2. Observation History**
- Consistent Behavior: Stable over 30 days with no abrupt changes in risk or network attributes.
- Key Metrics:
  - 1 threat observation (low impact).
  - No persistent malicious activity or ownership changes.
  - Geolocation consistency with London, GB.
---
**3. Relationships & Network Context**
- DNS Associations:
  - Resolves to `85-159-210-225.ip.linodeusercontent.com` (Linode-hosted).
  - No email authentication records (SPF/DMARC).
- Subnet: `85.159.210.225/24`
- Abuse Density: 1/256 (low).
- Neighbor Risk: One sibling IP (`85.159.210.150`) with a risk score of 40 (medium risk).
---
**4. Security Actions**
- Recommended Rules: None required due to low risk.
- Mitigation Note: Monitor the subnet for potential lateral movement, given the presence of a higher-risk neighbor.
---
**5. Summary**
The IP is a legitimate Linode cloud instance with no direct threat indicators. While the host itself is clean, the subnet contains one medium-risk neighbor. SOC teams should:
1. Validate the cloud instance's compliance with internal security policies.
2. Monitor the subnet for unusual traffic patterns or lateral movement.
3. Ensure DNS and network access controls align with organizational baselines.
Next Steps: Investigate the neighboring IP (`85.159.210.150`) for potential associated risks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | linode-mnt |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | 85.159.208.0/21 |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 85-159-210-225.ip.linodeusercontent.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | 85-159-210-225.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.6 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 27% | 3 | 4 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 13 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | High (85%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-17 03:09:42 UTC |
| Last Seen | 2026-06-28 04:44:22 UTC |
| Profile Built | 2026-06-28 22:49:28 UTC |
| Data Freshness | Live |
| Signal Types | 29 |
| Total Observations | 32 |