## Intelligence Briefing: IP 23.239.29.226
Classification: Cloud Infrastructure Host | Risk Level: LOW (25/100)
Executive Summary
IP 23.239.29.226 is a Linode cloud compute instance with low-risk reputation. The address resolves to Linode's cloud infrastructure in Richardson, TX, US. While currently classified as low-risk, the IP exhibits one DNSBL listing and one threat sibling within the /24 subnet, warranting continued monitoring.
Technical Profile
- Owner/Provider: Linode (ASN 63949)
- Network Role: Cloud Compute / Single-Service Host
- Location: Richardson, TX, United States
- BGP Prefix: 23.239.28.0/22
- DNS Resolution: 23-239-29-226.ip.linodeusercontent.com
- Active Services: SSH (Port 22/tcp, OpenSSH 9.6p1 Ubuntu)
- Risk Score: 25 (Low Risk)
- Operator Score: 0.2609 (Basic)
Threat Indicators
- DNSBL Status: Listed on 1 of 8 threat lists
- Known Campaigns: None identified
- Tor/Proxy/VPN: Not associated
- Abuse Confidence: Not scored
- Threat Persistence: 0 days observed
Historical Analysis
The IP has generated 21 signal observations as of June 14, 2026. Historical signals include geolocation, certificate validation, operator scoring, and threat assessment dimensions. No persistent malicious activity detected. The threat observation count remains at 1 with no sustained malicious behavior pattern.
Neighborhood Context (23.239.29.0/24)
- Abuse Density: 1 (classified as "mostly_clean")
- Total Siblings: 1 active IP in /24
- Threat Siblings: 1
- Risk Distribution: No high or medium-risk neighbors detected in neighborhood
Relationship Graph
40 relationships identified, including multiple Linode network associations and DNS hostname associations. All relationships point to legitimate Linode infrastructure resources.
Recommended Actions
1. Monitor DNSBL activity: The single DNSBL listing should be verified for legitimacy. Investigate which specific list flags this address.
2. Track sibling activity: The one threat sibling within the /24 subnet (23.239.29.x) should be correlated for potential coordinated abuse.
3. SSH traffic analysis: Open SSH service is typical for cloud infrastructure. Verify traffic patterns are consistent with legitimate administrative use.
4. No immediate block recommended: Current risk profile supports allow-with-monitoring posture for defensive operations.
Conclusion
IP 23.239.29.226 represents a legitimate Linode cloud hosting instance with minimal threat indicators. The single DNSBL listing and one threat sibling warrant awareness but do not justify immediate blocking. Continue standard cloud infrastructure monitoring practices.
---
Intelligence Source: IPDebrief | Data Freshness: Current | Classification: Defensive Security
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Linode |
| ASN | AS63949 |
| Network Name | β |
| CIDR Block | 23.239.28.0/22 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 23-239-29-226.ip.linodeusercontent.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | turn-observer-us-gulf.houdi.ni |
π DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 35% | 2 | 4 |
| ownership | 35% | 3 | 5 |
| reputation | 28% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 31% | 12 | 22 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-09 17:41:31 UTC |
| Last Seen | 2026-06-27 16:10:38 UTC |
| Profile Built | 2026-06-28 10:17:16 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 33 |
Full dossier details are available via our API.