# IP Intelligence Briefing: 104.23.239.84/32
Classification: Moderate Risk CDN Infrastructure
Date: Current Assessment
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP address 104.23.239.84 operates as Cloudflare CDN infrastructure with a moderate risk score of 40. The address belongs to the 104.23.239.0/24 subnet classified as high-abuse density, with 5 of 8 sibling IPs exhibiting threat indicators. No direct threat indicators detected on the target IP itself; risk stems from neighborhood context.
---
## Infrastructure Profile
Ownership: Cloudflare, Inc. (ASN 13335, ARIN)
Infrastructure Type: CDN (Content Delivery Network)
Network Role: Firewalled / No Services Detected
Geolocation: United States (Frankfurt am Main region)
Distance from Claimed Location: 296.5 km
Average RTT: 113.8 ms
The IP is part of Cloudflare's global edge network with anycast routing. No open ports or services were discovered; the address responds with firewalled responses typical of CDN edge nodes.
---
## Threat Assessment
Overall Risk Score: 40 (Moderate)
Abuse Confidence Score: Not applicable (infrastructure classification)
Blacklist Status: Clean (0 blacklist entries)
Threat Feeds: No matches
Known Campaigns: None identified
The target IP shows no direct threat indicators. It is not a Tor exit node, known attacker, or spam source. DNSSEC validation is confirmed active.
---
## Neighborhood Context Analysis
Subnet: 104.23.239.0/24
Abuse Density: 0.625 (High)
Inherited Risk Score: 12
Sibling IP Distribution:
- Total IPs in subnet: 8
- Active siblings: 2
- Threat siblings: 5
- All 7 neighbors: Risk Score 40, Authority Score 85
The 104.23.239.0/24 subnet demonstrates consistent risk characteristics across all monitored addresses, indicating this is a well-known Cloudflare edge segment. The high abuse density classification reflects typical CDN traffic patterns rather than malicious activity.
---
## Historical Observation Trend
Total Observations: 18
Risk Persistence: 0 days (transient)
Ownership Changes: 0 (stable)
Key Historical Signals:
- 2026-06-15: Most recent comprehensive scan confirmed CDN infrastructure with geolocation validation
- 2026-06-08: Earlier observations showed consistent US-based geolocation and high-abuse subnet classification
- Historical data indicates stable infrastructure with no escalation in threat behavior
The IP has maintained consistent classification as Cloudflare CDN infrastructure across all observation windows with no degradation in risk posture.
---
## Network Relationships
All 13 relationship indicators confirm association with CLOUDFLARENET network. No connections to external malicious infrastructure, domains, or organizations were identified.
---
## Recommended Security Actions
Classification: Allow with Monitoring
1. Permit Traffic: As a legitimate CDN provider, allow traffic from this IP address.
2. Rate Limiting: Apply standard CDN rate limiting policies (100-500 requests/second) to mitigate potential abuse.
3. WAF Integration: If using Cloudflare WAF, ensure policies are configured for legitimate CDN traffic.
4. No Blocking: Do not block; this is infrastructure required for legitimate web traffic.
5. Monitor: Watch for unusual traffic patterns that deviate from expected CDN behavior.
---
## Conclusion
IP 104.23.239.84 is a Cloudflare CDN edge address with moderate risk classification primarily due to neighborhood context. No direct threat indicators are present. The IP should be permitted through security controls with standard CDN traffic management policies applied. No blocking or restrictive firewall rules are recommended.
---
Data Sources: IPDebrief Intelligence Platform
Classification: Defensive Security Intelligence
Status: Complete
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-18 03:21:21 UTC |
| Last Seen | 2026-06-28 05:57:32 UTC |
| Profile Built | 2026-06-29 00:02:41 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 21 |