IP Intelligence Briefing: 172.235.40.131
Date: 2026-06-12
---
**1. Core Profile**
- Risk Score: 80 (High Risk)
- Ownership: Linode (ASN 63949)
- Geolocation: United States, California, Los Angeles
- Network Role: Cloud Compute (Hosting)
- Threat Indicators: No direct malicious activity detected.
- Services: No open ports; no TLS/HTTP services identified.
---
**2. Observation History**
- Recent Activity (Last 30 Days):
- High-Risk Signals:
- Linked to Akamai (ASN 20940) via AlienVault OTX, with 50+ threat pulses (e.g., phishing, malware).
- DNSSEC validation failure and 3/8 DNSBL listings (moderate risk).
- Stability: Route stability score is low (0), indicating potential network instability.
- Behavioral Flags: Honeypot detection and unusual routing paths (Comcast transit).
---
**3. Relationships**
- Network Affiliation:
  - Part of LINODE (AS63949) network.
- DNS Associations:
  - Resolves to `172-235-40-131.ip.linodeusercontent.com`.
- No Linked Threat Entities: No subnets, organizations, or certificates tied to known malicious activity.
---
**4. Neighborhood Analysis**
- Subnet: 172.235.40.0/24
- Abuse Density: 0% (clean subnet).
- Neighbors: No active sibling IPs detected in the subnet.
---
**5. Recommendations**
1. Monitor for Anomalous Traffic:
   - Track DNS queries and network behavior due to conflicting signals (Akamai linkage, DNSSEC issues).
2. Verify Ownership:
   - Confirm Linode's compliance with security practices, as the IP is part of a cloud hosting provider.
3. Investigate Route Stability:
   - Address potential routing instability (low stability score) to prevent service disruptions.
4. Check for Hidden Services:
   - Although no open ports are detected, the honeypot flag suggests further scrutiny for covert operations.
---
Conclusion:
The IP is a Linode cloud instance with no direct malicious indicators but shows conflicting network signals (e.g., Akamai linkage). While the subnet is clean, the high-risk score and unstable routing warrant close monitoring. No immediate action is required, but ongoing observation is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | LINODE |
| CIDR Block | 172.232.0.0/13 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 172-235-40-131.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-235-40-131.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 25% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-31 17:23:36 UTC |
| Last Seen | 2026-06-21 06:33:36 UTC |
| Profile Built | 2026-06-21 06:36:31 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |