## IP Intelligence Briefing: 172.236.228.220
### Executive Summary
IP 172.236.228.220 is a Linode cloud compute infrastructure address with a moderate risk score (55/100). While the IP itself shows no active threat indicators, its /24 neighborhood demonstrates elevated abuse density, which warrants a defensive posture.
### Risk Assessment
- Risk Score: 55/100 (Moderate Risk)
- Reputation: Moderate Risk
- Abuse Confidence Score: Not available
- Blacklist Status: Listed on 3 of 8 DNSBLs checked
### Infrastructure Classification
- Provider: Linode (ASN 63949)
- Infrastructure Type: CloudCompute
- CIDR Block: 172.236.224.0/19
- Service Status: Firewalled / No Services Detected
- Geolocation: Los Angeles, CA, US (geovalidation flagged as implausible per RTT analysis)
### Neighborhood Context
The /24 subnet (172.236.228.0/24) exhibits concerning characteristics:
- Abuse Density: 0.625 (high abuse classification)
- Total Siblings: 16 IPs
- Active Siblings: 11 IPs
- Threat Siblings: 10 IPs
- Risk Distribution: All 16 neighbors scored medium risk (40-65 range)
Notable neighbor risk scores: 172.236.228.193 (65); 172.236.228.38, .39, .86, .111, .115, .197, .202, .208, .218, .222, .224, .227, .229, .245 (55); 172.236.228.198, .202 (40)
### Threat Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Active Threat Feeds: None
- Known Campaigns: None
- Threat Observation Count: 1
### Historical Activity
Analysis of 25 historical observations reveals:
- Threat Persistence: Single threat observation recorded
- Infrastructure Consistency: Confirmed Linode cloud hosting across recent observations
- Geolocation: Persistent geolocation anomalies noted (RTT violations indicating claimed location mismatch)
- Ownership Stability: No ownership changes recorded
### DNS & Network Intelligence
- PTR Record: 172-236-228-220.ip.linodeusercontent.com
- Forward Resolution: Confirmed
- Domain: linodeusercontent.com
- Email Authentication: No SPF or DMARC records configured
- BGP Prefix: 172.236.224.0/19
- Route Stability: Unstable (route changes detected)
### Recommended Security Actions
Based on risk profile and neighborhood context, the following actions are recommended:
Monitoring:
- Increase logging verbosity for traffic from this IP
- Review recent activity patterns
Blocking Recommendations:
*iptables:*
```shell
# Appended to the INPUT chain; an earlier ACCEPT rule matching this source would take precedence
iptables -A INPUT -s 172.236.228.220 -j DROP
```
*nftables:*
```shell
# Assumes the inet table "filter" and its "input" chain already exist
nft add rule inet filter input ip saddr 172.236.228.220 drop
```
*nginx:*
```nginx
# Place in the relevant http, server or location block
deny 172.236.228.220;
```
*pfSense:*
```text
172.236.228.220/32
```
*Cloudflare WAF:*
```json
{
  "description": "Block 172.236.228.220 - IPDebrief risk score 55",
  "action": "block",
  "filter": {"expression": "ip.src eq 172.236.228.220"}
}
```
*AWS WAF:*
```json
{
  "Addresses": ["172.236.228.220/32"],
  "Description": "IPDebrief risk 55"
}
```
### Intelligence Notes
1. The high neighborhood abuse density (0.625) with 62.5% of neighbors flagged as threat siblings suggests this subnet warrants broader monitoring consideration.
2. The IP's geolocation data shows significant validation anomalies (RTT 89ms vs minimum possible 180.3ms for claimed distance), indicating potential location spoofing or measurement error.
3. No active malicious services detected on this specific IP, though the cloud hosting classification and neighborhood context warrant continued surveillance.
4. The single threat observation recorded historically indicates prior security signals, though the IP is not currently flagged as persistently malicious.
Priority: Monitor/Baseline. Recommended for logging and review, with blocking considered based on organizational threat tolerance.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
### Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Linode |
| ASN | AS63949 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
### DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | 172-236-228-220.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-236-228-220.ip.linodeusercontent.com |
### DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
### Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
### Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | Not available |
| HTTP Title | Not available |
### TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | Not available |
| Valid Until | Not available |
### Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 23% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Validation Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
### Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-15 08:43:24 UTC |
| Last Seen | 2026-06-28 02:01:48 UTC |
| Profile Built | 2026-06-28 20:06:59 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.