IP Intelligence Briefing: 172.236.228.218
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: Moderate (55/100)
- Provider: Linode (ASN 63949)
- Geolocation: Los Angeles, CA, US
- Network Role: Cloud Compute (Hosting, No Public Services)
- Threat Indicators: None detected (no malware, spam, or campaign ties)
---
**2. Observation History**
- Latest Scan (2026-06-08):
  - Open ports scanned but no services identified (ports: 22, 80, 443, etc.).
  - DNS resolution confirmed for `172-236-228-218.ip.linodeusercontent.com`.
- Subnet Abuse Density: 56.25% (high abuse classification).
- Trend: No persistent threats; low confidence in recent signals (0.2–0.7).
---
**3. Relationships**
- DNS Associations:
  - Linked to `172-236-228-218.ip.linodeusercontent.com` (Linode subdomain).
- Network Context:
  - Same subnet as 15 IPs, 9 of which are flagged as high-risk (80+ score).
  - Subnet classification: High Abuse (abuse density: 0.56).
---
**4. Neighborhood Analysis**
- Subnet: 172.236.228.0/24
- Neighbor Risk Scores:
  - 2 IPs at 80+ (elevated risk), 12 at 55 (moderate).
  - 3 IPs with unknown risk (null scores).
- Abuse Density: 13.3% (moderate risk across the subnet).
---
**5. Actionable Insights**
- Monitor Subnet: The 172.236.228.0/24 subnet has a high abuse density. Investigate neighboring IPs (e.g., 172.236.228.39, 172.236.228.208) for potential compromised hosts.
- Block High-Risk Neighbors: Consider blocking IPs with scores ≥80 if they are not authorized cloud instances.
- Verify Cloud Instance: Confirm if this Linode IP is associated with legitimate cloud workloads. Check for unexpected outbound traffic or service exposure.
- DNS Monitoring: Track DNS resolution for `linodeusercontent.com` to detect anomalous subdomain activity.
---
Conclusion: This IP is a Linode cloud instance with no direct threat indicators, but its subnet contains elevated-risk neighbors. SOC teams should prioritize monitoring the subnet for lateral movement or compromised hosts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | 172-236-228-218.ip.linodeusercontent.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | 172-236-228-218.ip.linodeusercontent.com |
DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 03:22:02 UTC |
| Last Seen | 2026-06-28 06:02:33 UTC |
| Profile Built | 2026-06-29 00:08:27 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |