## IPDEBRIEF INTELLIGENCE BRIEFING
Target IP: 172.235.193.228/32
Classification: Cloud Compute Infrastructure
Risk Rating: LOW (Score: 25/100)
Date: 2026-06-28
---
EXECUTIVE SUMMARY
IP 172.235.193.228 is a Linode cloud compute instance (ASN 63949) with a low-risk profile. The IP exhibits no active threat indicators, operates behind firewalls with no exposed services, and maintains a clean subnet classification. Historical observations show consistent cloud hosting behavior with no escalation in malicious activity.
---
INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **Organization** | Linode |
| **ASN** | 63949 |
| **Country** | US |
| **Infrastructure Type** | Cloud Compute |
| **PTR Hostname** | 172-235-193-228.ip.linodeusercontent.com |
| **CIDR Block** | 172.235.192.0/19 |
| **Service Status** | Firewalled / No Services |
| **Open Ports** | None detected |
---
THREAT ASSESSMENT
Current Risk Indicators:
- No known attacker reputation
- Not a Tor exit node
- Not identified as spam source
- Zero blacklist hits
- No known campaign affiliations
- No threat feed matches
Control Plane Observations:
- DNSBL listings: 1 of 8 total lists
- Operator score: 0.2609 (Basic classification)
- Route stability: Unstable (route changes detected)
- DNSSEC: Valid
---
NEIGHBORHOOD ANALYSIS
Subnet: 172.235.193.228/24
Abuse Density: 0 (Clean)
Classification: Clean
Sibling IPs:
- 172.235.193.218: Risk Score 60 (Medium)
- 172.235.193.228: Risk Score 25 (Low)
Assessment: Subnet shows minimal threat activity. Single sibling IP (172.235.193.218) presents elevated risk, requiring monitoring but not immediate action.
---
OBSERVATION HISTORY
Total Signals: 22 observations
Time Range: June 2026
Key Findings:
- Consistent PTR resolution to Linode domain
- Network classification stable (Linode cloud hosting)
- Geolocation: US (Osaka region)
- Abuse density maintained at 0 throughout observation period
- No threat persistence indicators
---
RELATIONSHIP MAPPING
Primary Associations:
- DNS: linodeusercontent.com
- Network: LINODE infrastructure
- ASN: 63949 (Linode)
No certificate or organizational relationships beyond Linode cloud infrastructure identified.
---
RECOMMENDED ACTIONS
Monitoring Recommendations:
1. Monitor sibling IP 172.235.193.218 (risk score 60) for potential correlation
2. No immediate blocking required - low-risk infrastructure
3. Standard cloud compute monitoring protocols apply
Firewall Rules: No specific blocking rules recommended. Treat as legitimate cloud infrastructure.
---
INTELLIGENCE NOTES
The IP demonstrates characteristics of benign cloud hosting infrastructure with no evidence of malicious activity. The elevated sibling IP (172.235.193.218) warrants separate investigation to determine if any correlation exists. Overall threat level remains LOW with no immediate defensive actions required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 172-235-193-228.ip.linodeusercontent.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | 172-235-193-228.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 26% | 2 | 4 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-23 12:22:23 UTC |
| Last Seen | 2026-06-28 21:23:56 UTC |
| Profile Built | 2026-06-29 03:27:31 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |