104.28.163.91
IP Intelligence Briefing: 104.28.163.91
*Generated via IPDebrief tools: Profile, History, Relationships, & Neighborhood Analysis*
---
**1. Core Profile**
- Risk Score: Moderate (55/100)
- Ownership:
- ASN: 13335 (Cloudflare, Inc.)
- ISP: Cloudflare CDN (CLOUDFLARENET)
- Geolocation: Germany (Dreieich, Hesse)
- Network Role: CDN infrastructure (no active services or hosting detected)
- Threat Indicators:
- No malicious indicators, spam, or known attacker associations.
- DNSSEC valid, no DNSBL listings.
---
**2. Observation History**
- Recent Activity:
- Consistent geolocation in Germany (50.02°N, 8.7°E) since May 2026.
- No changes in ownership or threat signals.
- Stability:
- BGP route stability: Unstable (route changes detected in 30 days).
- Operator score: Minimal (0.13).
---
**3. Relationships**
- Network Affiliations:
- Linked to CLOUDFLARENET (same ASN).
- No connections to other malicious entities or campaigns.
- Services:
- No open ports, TLS certs, or HTTP services detected.
---
**4. Neighborhood Analysis**
- Subnet: 104.28.163.0/24
- Abuse Density: 9% (low overall risk).
- Notable Neighbors:
- 104.28.163.92: High risk (80/100).
- 104.28.163.116: High risk (80/100).
- 104.28.163.188: Moderate risk (55/100).
- Subnet Context:
- 33 total IPs; 5 high-risk, 24 medium-risk, 3 low-risk.
---
**5. Threat Assessment**
- Legitimate Use:
- Cloudflare CDN node, likely used for DDoS mitigation or content delivery.
- Red Flags:
- Subnet contains high-risk IPs (e.g., 104.28.163.92).
- Unstable BGP routes may indicate network misconfiguration or probing.
- Recommendations:
- Monitor subnet for lateral movement or unusual traffic patterns.
- Investigate high-risk neighbors (e.g., 104.28.163.92) for potentialε ³θ.
- Ensure firewall rules block traffic to this subnet if not required.
---
Conclusion: This IP is a legitimate Cloudflare CDN node with no direct malicious activity. However, its subnet contains high-risk neighbors, warranting further investigation to rule out network-level compromises or shared infrastructure risks.
*Data sourced from IPDebrief tools. Use with operational security protocols.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | CLOUDFLARENET |
| CIDR Block | 104.16.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 1 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 1 |
| geolocation | 27% | 2 | 2 |
| Overall | 19% | 8 | 10 |
| Data Coherence | Mostly Consistent (85%) β 1 contradiction(s) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-13 00:37:32 UTC |
| Last Seen | 2026-06-06 17:20:30 UTC |
| Profile Built | 2026-06-06 17:40:48 UTC |
| Data Freshness | Live |
| Signal Types | 15 |
| Total Observations | 16 |
Full dossier details are available via our API.