# IP Intelligence Briefing: 172.235.167.8/32
## Executive Summary
IP address 172.235.167.8 is a cloud compute infrastructure endpoint hosted on Linode (ASN 63949) with a Low Risk rating (Score: 25). The IP operates as a standard web server with SSH access and shows no active threat indicators or malicious campaign associations.
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **Organization** | Linode |
| **ASN** | 63949 |
| **CIDR Block** | 172.232.0.0/13 |
| **Geolocation** | Amsterdam, Netherlands (US Registry) |
| **Infrastructure Type** | Cloud Compute |
| **Network Role** | Web Server |
## Network Services
- Port 443/TCP - HTTPS (web traffic)
- Port 22/TCP - SSH (OpenSSH 7.0)
## DNS Analysis
- PTR Record: 172-235-167-8.ip.linodeusercontent.com
- Forward Resolution: Confirmed
- Hosted Domain: linodeusercontent.com
- Email Authentication: No SPF/DMARC records detected
## Threat Assessment
- Risk Score: 25 (Low Risk)
- Blacklist Count: 0
- Abuse Confidence: Not flagged
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Likelihood: None detected
## Historical Observations
- Total Observations: 28 signals over monitoring period
- Threat Persistence Days: 0
- Classification: Mostly Clean
- Abuse Density: 0 (subnet level)
- Persistently Malicious: No
## Neighborhood Analysis
- Subnet: 172.235.167.0/24
- Active Siblings: 1
- Threat Siblings: 0
- Subnet Abuse Density: 0 (clean)
## Recommended Actions
Status: Low Priority - No immediate blocking required
- IP operates on legitimate cloud infrastructure (Linode)
- Standard web server with SSH access
- No threat indicators or blacklist hits detected
- Consider allowing traffic with standard logging for visibility
## Intelligence Notes
This IP represents legitimate cloud hosting infrastructure. The absence of threat indicators, combined with clean neighborhood metrics and proper DNS configuration, indicates normal cloud compute usage. SOC teams may monitor for behavioral anomalies but no active threat blocking is warranted at this time.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | LINODE |
| CIDR Block | 172.232.0.0/13 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 172-235-167-8.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-235-167-8.ip.linodeusercontent.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.0 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 20% | 2 | 3 |
| Overall | 23% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-29 05:54:47 UTC |
| Last Seen | 2026-06-29 06:08:56 UTC |
| Profile Built | 2026-06-29 06:17:00 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 26 |