# IP Intelligence Briefing: 172.235.218.58/32
Classification: Moderate Risk | Analysis Date: 2026-06-20
Data Sources: IPDebrief Intelligence Platform
## Executive Summary
IP address 172.235.218.58 is a Linode cloud compute infrastructure asset with a moderate risk score of 60/100. The IP shows no confirmed malicious indicators, but exhibits elevated risk relative to baseline infrastructure. No immediate threat indicators identified.
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| ASN | 63949 |
| Organization | Linode |
| Infrastructure Type | Cloud Compute |
| Geolocation | US (Osaka) |
| CIDR Block | 172.235.218.58/32 |
Network Role: Web server hosting environment with RDP and SSH access exposed. DNS forward confirmed to `172-235-218-58.ip.linodeusercontent.com`. Two hosted domains identified: `itluke999.zeabur.app` and the IP hostname.
## Threat Assessment
- Risk Score: 60/100 (Moderate)
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None correlated
- Threat Persistence: 0 days
- DNSBL Listed: 1 of 8 total lists
The IP shows no evidence of persistent malicious activity or association with active threat campaigns. Operator classification rated "Basic" (score: 0.4348).
## Neighborhood Analysis
| Metric | Value |
|---|---|
| Subnet | 172.235.218.58/24 |
| Abuse Density | 0.3333 |
| Classification | Mostly Clean |
| Active Siblings | 2 of 3 |
| Threat Siblings | 1 |
Neighbor IPs:
- 172.235.218.59: Risk Score 25 (Low)
- 172.235.218.219: Risk Score 60 (Moderate)
The /24 subnet shows moderate abuse density with 1 threat sibling identified.
## Observed Services
| Port | Protocol | Service | Banner |
|---|---|---|---|
| 443 | TCP | HTTPS | - |
| 22 | TCP | SSH | SSH-2.0-OpenSSH_7.6p1 |
| 8080 | TCP | HTTP-Alt | - |
| 3389 | TCP | RDP | - |
Open RDP (3389) and SSH (22) services present potential lateral movement vectors if compromised.
## Historical Observations
31 total observations recorded. Recent activity (2026-06-20) includes:
- Connection failures on HTTPS endpoint
- Port scanning activity detected
- Network classification signals showing "mostly_clean" status
Route stability confirmed (isRouteStable: true) with zero route changes in 30 days.
## Recommended Actions
Immediate: Increase logging verbosity for this IP and monitor recent activity.
Firewall Rules:
- iptables: `iptables -A INPUT -s 172.235.218.58 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 172.235.218.58 drop`
- Cloudflare WAF: Block rule with expression `ip.src eq 172.235.218.58`
- AWS WAF: Address `172.235.218.58/32`
## Risk Rationale
The IP's moderate risk score stems from infrastructure classification (cloud compute hosting) and elevated risk relative to the subnet's baseline. No direct malicious indicators detected. Correlation with subnet neighbor 172.235.218.219 (identical risk score) suggests potential shared infrastructure risk profile.
Recommendation: Monitor but do not block without additional contextual indicators. Implement enhanced logging and review for any anomalous activity patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
| Honeypot | Trap endpoint probes | 1 |
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | 172.235.192.0/19 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 172-235-218-58.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Hosted Domain | itluke999.zeabur.app |
| Hosted Domain | 172-235-218-58.ip.linodeusercontent.com |
| Forward Hostnames | 172-235-218-58.ip.linodeusercontent.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | - |
| 3389 | rdp | tcp | - |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 8443 (4 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.6p1 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 39% | 2 | 5 |
| ownership | 24% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 21% | 2 | 2 |
| Overall | 26% | 12 | 21 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-20 00:29:21 UTC |
| Last Seen | 2026-06-28 10:46:07 UTC |
| Profile Built | 2026-06-29 04:51:01 UTC |
| Data Freshness | Live |
| Signal Types | 31 |
| Total Observations | 37 |