# IP Intelligence Briefing: 172.236.228.224/32
Classification: Moderate Risk Hosting Infrastructure
Date: Current
Source: IPDebrief Intelligence Platform
---
## Executive Summary
IP address 172.236.228.224 is a Linode hosting infrastructure endpoint located in Los Angeles, US (ASN 63949). The IP carries a moderate risk score of 55/100 and is classified as hosting with no active services detected. While no direct threat indicators (Tor, malware, spam) were identified, the IP's /24 subnet demonstrates elevated abuse characteristics requiring defensive posture assessment.
---
## Technical Profile
Ownership & Classification:
- Provider: Linode (ASN 63949)
- Infrastructure Type: CloudCompute/Hosting
- Network Block: 172.236.224.0/19
- Registration: ARIN
Geolocation:
- Country: United States (US)
- Region: California (CA)
- City: Los Angeles
- Coordinates: 33.9416° N, 118.4085° W
- Validation Status: Geolocation data flagged for inconsistency (RTT measurements indicate a distance of 9,013.9 km but an RTT of 83 ms, which is physically impossible)
Network Services:
- Open Ports: None detected
- TLS Certificate: None
- DNS: PTR resolves to 172-236-228-224.ip.linodeusercontent.com
- Forward Confirmation: Confirmed
Risk Indicators:
- Risk Score: 55/100 (Moderate)
- Abuse Confidence Score: Not available
- Blacklist Status: Listed on 3 of 8 DNSBLs
- Known Campaigns: None identified
- Tor Exit: No
- Known Attacker: No
- Spam Source: No
---
## Subnet Context: 172.236.228.0/24
Abuse Classification: High Abuse
- Abuse Density: 0.5294 (52.94%)
- Total Siblings: 17
- Active Siblings: 11
- Threat Siblings: 9
- Risk Distribution: 16 Medium Risk, 0 High Risk
Notable Neighboring IPs:
- 172.236.228.193: Risk Score 65 (Elevated)
- 172.236.228.38, 39, 86, 111, 115, 197, 198, 202, 208, 218, 220, 222, 227, 229, 245: Risk Score 40-55
---
## Historical Observations
Total Observations: 24
Recent Classification Consistency: Linode hosting infrastructure with stable ownership
Threat Persistence: 0 days
Ownership Changes: 0
June 2026 observations confirmed subnet abuse density of 0.5294 with consistent provider attribution to Linode. No significant threat pattern changes detected over the observation window.
---
## Relationship Network
DNS Associations:
- 172-236-228-224.ip.linodeusercontent.com (repeated associations)
Network Relationships:
- LINODE network affiliation confirmed
- 41 total relationships identified in the relationship graph
---
## Recommended Security Actions
Primary Recommendation: Block this IP address
Risk Justification: Elevated risk score (55/100) combined with high-abuse subnet context
Firewall Rules:
```bash
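# iptables: drop inbound packets from the address
iptables -A INPUT -s 172.236.228.224 -j DROP
# nftables: same rule for an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 172.236.228.224 drop
# nginx: directive for an http, server or location block (not a shell command)
deny 172.236.228.224;
# pfSense: address entry for an alias or block rule
172.236.228.224/32
# Cloudflare WAF: rule definition (JSON)
{
  "description": "Block 172.236.228.224 - IPDebrief risk score 55",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 172.236.228.224"
  }
}
# AWS WAF: IP set entry (JSON)
{
  "Addresses": ["172.236.228.224/32"],
  "Description": "IPDebrief risk 55"
}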
```
Monitoring Recommendation: Increase logging verbosity and review recent activity from this IP due to elevated risk score.
---
## Intelligence Assessment
This IP represents moderate-risk hosting infrastructure within a high-abuse subnet. The combination of elevated subnet abuse density (52.94%), multiple threat siblings in the /24, and DNSBL listings warrants defensive blocking. However, the lack of direct threat indicators (no known campaigns, no malware associations, no Tor exit) suggests the risk is contextual rather than confirmatory. SOC analysts should evaluate this IP in conjunction with other contextual signals before taking action.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | 172-236-228-224.ip.linodeusercontent.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | 172-236-228-224.ip.linodeusercontent.com |
## DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-17 15:12:06 UTC |
| Last Seen | 2026-06-28 05:11:23 UTC |
| Profile Built | 2026-06-28 23:15:17 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |