IP Intelligence Briefing: 104.28.223.120
Date: 2026-06-12
1. Core Profile
- Risk Score: 25 (Low Risk)
- Ownership: Managed by Cloudflare, Inc. (ASN 13335, CLOUDFLARENET).
- Geolocation: Registered to Ukraine (Sevastopol), but Cloudflare's infrastructure is primarily U.S.-based. Geolocation data shows conflicting signals (U.S. origin via DNS observations).
- Network Role: CDN (Cloudflare), no services or hosting detected.
2. Threat Indicators
- No malicious activity detected: no DNSBL listings, spam, or known attacker associations.
- Zero threat indicators in 30-day observation window.
3. Observation History
- Recent Signals (Last 30 Days):
  - 13 observations, including:
    - U.S. geolocation (confidence 0.35, likely inaccurate).
    - DNSSEC validation and CLOUDFLARENET network prefix.
    - 1 DNSBL listing (out of 8 total lists).
- No persistent malicious behavior or campaign correlations.
4. Network Relationships
- Directly linked to Cloudflare's CLOUDFLARENET network (ASN 13335).
- No peer relationships or subdomains associated.
5. Neighborhood Analysis
- Subnet: 104.28.223.0/24.
- No neighboring IPs detected; subnet abuse density is 0%.
6. Recommended Actions
- No firewall rules or security actions required based on current low-risk profile.
- Monitor for anomalies in geolocation or unexpected service exposure, given the CDN association.
Conclusion:
This IP is part of Cloudflare's infrastructure and shows no signs of malicious activity. The geolocation discrepancy and DNSBL listing warrant further investigation, but no immediate action is required. SOC teams should remain vigilant for deviations in behavior, especially given the potential for CDN-based attacks.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | CLOUDFLARENET |
| CIDR Block | 104.16.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 0% | 0 | 0 |
| routing | 0% | 0 | 0 |
| services | 0% | 0 | 0 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 6% | 3 | 4 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-03 18:30:10 UTC |
| Last Seen | 2026-06-23 07:03:01 UTC |
| Profile Built | 2026-06-12 22:07:45 UTC |
| Data Freshness | Live |
| Signal Types | 14 |
| Total Observations | 14 |