IP Intelligence Briefing: 104.28.162.210
Date: 2026-06-06
---
**1. Core Profile**
- Risk Score: 55 (Moderate Risk)
- Network Ownership: Cloudflare, Inc. (AS13335)
- Geolocation: Germany (Hesse, Dreieich)
- Network Role: CDN Infrastructure (Cloudflare)
- Threat Indicators: No direct malicious activity detected (no indicators, spam, or known campaigns).
---
**2. Observation History**
- Recent Activity:
  - Detected 1 pulse (threat signal) from AlienVault OTX (June 6, 2026).
  - Subnet abuse density: 0.27 (moderate risk in the 104.28.162.0/24 network).
  - No persistent malicious behavior or long-term threats.
---
**3. Network Relationships**
- Linked Entities:
  - Same network: CLOUDFLARENET (AS13335).
  - Subnet classification: "Mixed" (combination of low and medium risk IPs).
- DNSSEC validation: Enabled.
- BGP route stability: Unstable (route changes in last 30 days).
---
**4. Neighborhood Analysis**
- Subnet: 104.28.162.0/24 (23 total IPs).
- Risk Distribution:
  - 18 IPs with low risk (avg. score 40).
  - 5 IPs with medium risk (avg. score 65).
  - 0 high-risk IPs.
- Notable Neighbors:
  - 104.28.162.7 (score 65), 104.28.162.47 (65), 104.28.162.57 (70).
  - 104.28.162.218, 104.28.162.220, 104.28.162.252 (low risk).
---
**5. Recommendations**
- Monitoring:
  - Track the subnet for emerging threats, particularly the 5 medium-risk neighbors.
  - Verify if the detected pulse (AlienVault OTX) correlates with other threats.
- Network Segmentation:
  - Consider isolating high-risk neighbors (e.g., 104.28.162.7) if they are not part of Cloudflare's infrastructure.
- DNS & BGP:
  - Validate DNSSEC and monitor BGP route stability for potential spoofing or hijacking.
---
Conclusion:
104.28.162.210 is part of Cloudflare's CDN infrastructure with moderate risk. While no direct malicious activity is detected, the subnet contains a mix of low and medium-risk IPs. SOC teams should monitor for anomalies in the subnet and validate the pulse signal to ensure no missed threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 17% | 9 | 11 |
| Data Coherence | Mostly Consistent (85%) - 1 contradiction(s) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 00:02:21 UTC |
| Last Seen | 2026-06-06 16:37:58 UTC |
| Profile Built | 2026-06-06 16:40:23 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 16 |