# IP INTELLIGENCE BRIEFING
- Target: 172.236.151.195/32
- Classification: Low Risk Cloud Infrastructure Asset
- Reporting Date: 2026-06-19
---
## EXECUTIVE SUMMARY
IP 172.236.151.195 operates as a legitimate cloud hosting infrastructure asset within the Linode network (ASN: 63949). The IP demonstrates a low-risk profile (Risk Score: 25) with no active threat indicators, minimal abuse history, and standard web hosting services. The IP is classified as "Low Risk" with a reputation consistent with legitimate cloud compute usage.
---
## OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **ASN** | 63949 (Linode) |
| **Organization** | Linode |
| **Geolocation** | Singapore (SG) |
| **CIDR Block** | 172.236.128.0/19 |
| **Infrastructure Type** | Cloud Compute |
| **Registration** | ARIN |

The IP resolves to standard Linode cloud infrastructure hosting. Geolocation data is consistent with the claimed Singapore location (10,382.9 km from probe origin), with an average RTT of 253 ms.
---
## NETWORK SERVICES & FINGERPRINTING
- Open Ports: 80/tcp (HTTP), 443/tcp (HTTPS), 22/tcp (SSH)
- Web Server: nginx/1.24.0 (Ubuntu)
- TLS Certificate Issuer: Let's Encrypt (CN=E8, O=Let's Encrypt, C=US)
- Certificate Subject: adflownexus.com
- DNS PTR: 172-236-151-195.ip.linodeusercontent.com
- HTTP Status: 301 (Redirect)
- HTTP/2: Enabled
---
## THREAT INDICATORS
- Abuse Confidence Score: None reported
- Blacklist Count: 0
- Known Attacker: False
- Spam Source: False
- Tor Exit Node: False
- Known Campaigns: None
- Threat Feeds: Empty

No active threat indicators observed. The IP shows 1 DNSBL listing out of 8 total lists checked, with a risk operator score of 0.2609 (Basic classification).
---
## OBSERVATION HISTORY
Total observations: 22

Recent Activity (2026-06-19):
- HTTP/2 enabled with 793ms time-to-first-byte
- Standard nginx headers present
- TLS handshake signals present
- No malicious banners or threat signatures detected
- 5 geolocation probes with consistent Singapore location

The IP demonstrates stable, benign web hosting behavior with no degradation or escalation in risk signals over the observation period.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 172.236.151.195/24
- Abuse Density: 0
- Classification: Mostly Clean
- High Risk Neighbors: 0
- Medium Risk Neighbors: 0
- Low Risk Neighbors: 0
- Active Siblings: 1

The /24 subnet shows minimal abuse activity with the target IP being the primary active sibling. No correlated high-risk infrastructure in the immediate neighborhood.
---
## RELATIONSHIP GRAPH
Total relationships: 46

Key Associations:
- DNS associations to linodeusercontent.com hostnames
- Network relationships to LINODE infrastructure
- No organizational or certificate cross-references indicating malicious activity
---
## SECURITY ACTIONS
No specific firewall rules or blocking actions recommended. The IP presents as legitimate cloud infrastructure with standard services.
---
## ANALYST NOTES
This IP represents typical cloud hosting infrastructure from Linode. The Let's Encrypt certificate for adflownexus.com indicates legitimate web hosting use. The low risk score (25), absence of blacklist entries, and clean subnet classification support continued monitoring without escalation. No immediate threat intelligence warrants aggressive blocking or investigation.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 172-236-151-195.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-236-151-195.ip.linodeusercontent.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | adflownexus.com, www.adflownexus.com |
| Valid From | 2026-05-26T10:31:34+00:00 |
| Valid Until | 2026-08-24T10:31:33+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 06BD438711E2205A5D2B2DCDD5FF8C9CB93C |
| Thumbprint | 2F2D23E0517725FC41B3689230BACE2FFB8B0D8B |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 26% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-14 19:28:18 UTC |
| Last Seen | 2026-06-28 01:19:21 UTC |
| Profile Built | 2026-06-28 19:24:19 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 29 |