104.23.221.144
# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 104.23.221.144/32
Classification: Low Risk
Date: 2026-06-28
Prepared For: SOC Operations Team
---
## EXECUTIVE SUMMARY
IP address 104.23.221.144 is a Cloudflare CDN infrastructure endpoint classified as Low Risk (Risk Score: 25). The IP operates within the legitimate Cloudflare network (ASN 13335) and exhibits standard CDN behavior with no malicious indicators detected. No immediate blocking or mitigation actions are recommended.
---
## INFRASTRUCTURE PROFILE
Ownership & Classification:
- Provider: Cloudflare, Inc.
- ASN: 13335
- Infrastructure Type: Content Delivery Network (CDN)
- Network Role: CDN/Firewalled - No open services detected
- BGP Prefix: 104.23.221.0/24
Geolocation:
- Country: United States (US)
- Region: Stockholm County (data source variance noted)
- Geo Consensus: Validated across multiple sources
- RTT Metrics: Avg 114.4ms (5 probes)
Threat Indicators:
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Campaign Association: None identified
---
## RISK ASSESSMENT
Current Risk Score: 25 (Low Risk)
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
Key Risk Factors:
- No active threat indicators present
- No malicious campaign correlations
- Standard CDN infrastructure with expected behavior
- No DNS-based abuse patterns
Control Plane Analysis:
- Route Stability: Stable
- DNSSEC: Valid
- RPKI State: Verified
- IRR Consistency: Maintained
---
## OBSERVATION HISTORY
Signal Persistence: 20 historical observations
Threat Observation Count: 1 (single historical event)
Persistent Malicious Activity: No
Key Historical Signals:
- 2026-06-28: CDN classification confirmed (90% confidence)
- 2026-06-20: Subnet abuse density observed at 66.67% (classification: mostly_clean)
- 2026-06-20: Geolocation signals from US sources with 35% confidence
- 2026-06-20: RTT measurements consistent with US deployment
Temporal Analysis: No ownership changes detected. Threat persistence days: 0. IP has maintained consistent CDN classification throughout observation window.
---
## NETWORK NEIGHBORHOOD ANALYSIS
Subnet: 104.23.221.0/24
Abuse Density: 66.67%
Classification: Mostly Clean
Sibling IPs (Active):
- 104.23.221.27 (Risk Score: 25, Authority Score: 85)
- 104.23.221.142 (Risk Score: 25, Authority Score: 85)
- 104.23.221.144 (Risk Score: 25, Authority Score: 85)
Assessment: All three active siblings in the /24 subnet share identical low-risk profiles. No high or medium-risk neighbors detected. Subnet classification indicates legitimate CDN operations.
---
## RELATIONSHIP GRAPH
Associated Entities: 18 relationships detected
Primary Association: CLOUDFLARENET (all relationships)
All network relationships resolve to Cloudflare's primary network designation, confirming the IP operates within expected Cloudflare infrastructure boundaries.
---
## DNS & SERVICE ANALYSIS
DNS Resolution: No forward DNS records detected
PTR Records: None resolved
Hosted Domains: 0 domains
Open Ports: None detected
TLS Certificates: None exposed
HTTP Services: No active HTTP endpoints detected
This is consistent with CDN edge infrastructure that primarily serves as a reverse proxy without exposing direct application services.
---
## SECURITY RECOMMENDATIONS
Recommended Actions: None
Firewall Rules: Not required
Rationale:
- IP operates within legitimate Cloudflare CDN infrastructure
- No malicious indicators present
- Low-risk profile (25/100)
- Standard CDN behavior with no anomalous activity
Monitoring Recommendations:
- Continue passive observation if traffic patterns suggest legitimate CDN usage
- Monitor for any deviation from expected CDN behavior patterns
- Review traffic patterns if unusual request volumes or destinations detected
---
## CONCLUSION
IP 104.23.221.144 represents a legitimate Cloudflare CDN endpoint with no security concerns. The IP exhibits expected infrastructure behavior with no threat indicators, blacklist associations, or malicious activity patterns. No blocking or mitigation measures are warranted. Traffic from or to this address should be permitted in accordance with standard CDN access policies.
---
*Generated by IPDebrief Intelligence Platform*
*Report ID: IP-104-23-221-144-20260628*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 12:21:16 UTC |
| Last Seen | 2026-06-28 20:46:46 UTC |
| Profile Built | 2026-06-29 02:48:48 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 21 |
Full dossier details are available via our API.