## IP Intelligence Briefing: 172.234.84.16
Classification: Moderate Risk Cloud Infrastructure Asset
Provider: Linode (ASN 63949)
Status: Active Cloud Compute/Hosting
Executive Summary
IP 172.234.84.16 operates as a Linode cloud infrastructure endpoint with a moderate risk score of 60. The asset exhibits standard cloud hosting characteristics with no persistent malicious indicators, though it registers on one DNS blacklist entry and demonstrates basic operator classification.
Risk Assessment
- Overall Risk Score: 60 (Moderate Risk)
- Abuse Confidence: No known campaigns or attacker attribution
- Blacklist Status: 1 of 8 DNSBL lists; 0 current blacklists
- Threat Persistence: No persistent malicious activity observed
Technical Profile
- Infrastructure Type: Cloud Computing / Hosting
- Network Classification: Non-bogon, non-mobile, non-residential
- BGP Prefix: 172.234.80.0/20
- Route Stability: Stable (no changes in last 30 days)
- DNSSEC: Valid
- Services: Nginx web server (HTTP/2.0), firewall configured
- TLS: Certificate present (HTTP HSTS enabled)
Geolocation Analysis
- Primary Indication: Japan (JP), Osaka region
- Alternative Inference: United States (Cambridge, 39.83°N, -98.58°W)
- Validation Status: ICMP blocked; distance discrepancy ~9,134 km suggests routing complexity
- Geolocation Confidence: Consensus enabled across 2 sources
Neighborhood Context
- Subnet Analysis: 172.234.84.0/24
- Abuse Density: 0.5 (low)
- Active Siblings: 2 total
- Threat Siblings: 1
- Overall Classification: Mostly clean
Historical Trends (35 Observations)
- Temporal Stability: Ownership and threat persistence unchanged
- Operator Score: 0.3043 (Basic classification)
- Geolocation: Inconsistent reporting (JP vs US) over observation window
- Threat Signals: No escalation in threat indicators
Relationship Graph
- Total Relationships: 54
- Primary Associations: 49+ Same Network (Linode) relationships
- Network Affiliation: Confirmed Linode infrastructure
Recommended Actions
1. Allow with Monitoring: Permitted traffic from Linode cloud infrastructure
2. DNSBL Review: Investigate source of 1 DNSBL listing; may be false positive
3. Traffic Baseline: Establish normal traffic patterns for cloud hosting endpoint
4. No Blocking Recommended: No active threat indicators warranting block
SOC Analyst Notes
This IP represents legitimate Linode cloud infrastructure with standard hosting characteristics. The moderate risk score reflects basic operator classification rather than malicious activity. Monitor for changes in blacklist status and geolocation consistency. No immediate mitigation actions required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
| Honeypot | Trap endpoint probes | 1 |
π’ Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | β |
| CIDR Block | 172.234.80.0/20 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | nginx |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 20% | 2 | 4 |
| routing | 22% | 3 | 4 |
| services | 20% | 2 | 3 |
| ownership | 22% | 3 | 4 |
| reputation | 24% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 13 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-16 03:41:18 UTC |
| Last Seen | 2026-06-28 03:14:13 UTC |
| Profile Built | 2026-06-28 21:20:04 UTC |
| Data Freshness | Live |
| Signal Types | 32 |
| Total Observations | 35 |
Full dossier details are available via our API.