## IP Intelligence Briefing: 172.236.127.133
Executive Summary
IP address 172.236.127.133 is associated with Linode cloud infrastructure (ASN 63949) in Chicago, IL. The IP carries a moderate risk score of 55/100 with no confirmed threat indicators. Infrastructure shows firewalled status with no open services detected. Recommended action: Monitor or consider blocking based on organizational threat posture.
---
Infrastructure Profile
- Organization: Linode (LINODE)
- ASN: 63949
- Network Block: 172.232.0.0/13
- Classification: Cloud Compute / Hosting
- Geolocation: United States, Chicago, IL
- DNS: 172-236-127-133.ip.linodeusercontent.com
- Service Status: Firewalled / No Services (no open ports detected)
Risk Assessment
- Overall Risk Score: 55/100 (Moderate Risk)
- Abuse Confidence: Not scored
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listings: 3 of 8 total lists
- Threat Persistence: 0 days observed
- Persistently Malicious: False
Neighborhood Analysis
- Subnet: 172.236.127.133/24
- Abuse Density: Low (1/256)
- Subnet Classification: Mostly Clean
- Threat Siblings: 1
- Active Siblings: 1
- Inherited Risk: 2/100
Control Plane Observations
- Route Stability: Unstable
- Operator Score: 0.2609 (Basic)
- RPKI State: Not evaluated
- IR Consistency: Not evaluated
- Route Changes (30d): 0
Temporal Indicators
- Observation Count: 24 historical observations
- Latest Signal: 2026-06-29T03:55:14
- Ownership Changes: 0
- Threat Observation Count: 1
Relationship Graph
- Primary Associations: DNS associations to Linode infrastructure
- Network Relationships: Same network (LINODE)
- Related Hostnames: 172-236-127-133.ip.linodeusercontent.com
Anomalies
- Geolocation Validation: Failed (geoPlausible: false)
- RTT Violation: Observed 34ms RTT vs minimum possible 134.2ms for Chicago, IL location (6,707km distance)
---
Recommended Security Actions
Monitoring:
- Increase logging verbosity and review recent activity from this IP
- Monitor for escalation in risk indicators
Firewall Recommendations:
- iptables: `iptables -A INPUT -s 172.236.127.133 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 172.236.127.133 drop`
- nginx: `deny 172.236.127.133;`
- pfSense: Add to block list: `172.236.127.133/32`
- Cloudflare WAF: Block with expression: `ip.src eq 172.236.127.133`
- AWS WAF: Add to deny list: `172.236.127.133/32`
---
Intelligence Narrative
The target IP 172.236.127.133 represents a Linode cloud compute instance with moderate risk characteristics. The IP shows no confirmed malicious activity patterns: no known attacker reputation, no Tor exit node classification, and zero confirmed spam source indicators. The single threat observation recorded shows minimal risk.
However, the moderate risk score (55/100) warrants attention. The IP is part of a subnet with low abuse density (1/256) and mostly-clean classification, though one threat sibling exists in the neighborhood. Geolocation data shows validation failures with RTT anomalies suggesting potential data inaccuracies.
The infrastructure is properly configured with firewalled services and standard DNS resolution for Linode hosting. The route instability flag and 3 DNSBL listings suggest the IP may have transient reputation issues. No persistent malicious behavior has been observed over the 24-observation period.
Decision Point: Given the moderate risk score and cloud hosting nature, implement blocking if the IP is not a known legitimate service. Monitor for activity escalation given the unstable routing status and DNSBL listings.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | LINODE |
| CIDR Block | 172.232.0.0/13 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 172-236-127-133.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-236-127-133.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-27 07:16:57 UTC |
| Last Seen | 2026-06-29 03:55:24 UTC |
| Profile Built | 2026-06-29 03:57:18 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 22 |
Full dossier details are available via our API.