162.158.210.103

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 162.158.210.103/32

## Executive Summary

The IP address 162.158.210.103 is a Cloudflare CDN infrastructure endpoint classified as Low Risk with a risk score of 30. While the IP itself shows no direct threat indicators, it resides in a /24 subnet with high abuse density (97.3%) and 36 out of 37 sibling IPs showing threat activity. The endpoint operates as a CDN/firewall with no open services.

---

## Ownership & Infrastructure

Organization: Cloudflare, Inc.
ASN: 13335 (Cloudflare)
Network Role: CDN Infrastructure
BGP Prefix: 162.158.208.0/22
Route Status: Stable (isRouteStable: true, 0 route changes in 30 days)
RPKI State: Valid
Control Plane: Origin ASN 13335, AS Path: 7018 13335

---

## Threat Assessment

Overall Risk Score: 30 (Low Risk)
Known Attacker: No
Tor Exit Node: No
Spam Source: No
Blacklist Count: 0
Threat Indicators: None detected
Campaign Associations: None

Note: The IP is listed on 1 of 8 DNSBLs (dnsblListedCount: 1), but this appears to be a CDN false positive rather than malicious activity.

---

## Neighborhood Analysis (162.158.210.0/24)

Abuse Density: 97.3% (high_abuse classification)
Total Siblings: 37
Active Siblings: 37
Threat Siblings: 36
Inherited Risk: 38

The /24 subnet demonstrates typical Cloudflare CDN traffic patterns with elevated neighborhood noise. Risk distribution across neighbors shows 23 medium-risk IPs and 14 low-risk IPs.

---

## Historical Observations

Observation Count: 30 signals tracked
Recent Classification (2026-06-19): High abuse classification with inherited risk of 34, abuse density 0.8684
CDN Confirmation: Multiple observations confirm Cloudflare CDN infrastructure
Geolocation Consistency: Historical RTT data shows 1650.3 km distance from probe location, 129.8ms average RTT

---

## Network Services

Open Ports: None detected (firewalled/no services)
DNS Resolution: Forward resolution unconfirmed
TLS/Certificates: None exposed
HTTP Services: None active

---

## Security Recommendations

Recommended Action: Allow traffic (standard CDN behavior)

The IP exhibits normal Cloudflare CDN characteristics:

No open ports or services exposed
No direct threat indicators
Standard BGP routing with valid RPKI
High-risk neighborhood is consistent with CDN edge infrastructure

No immediate blocking is recommended. Standard monitoring for traffic patterns from known Cloudflare edge ranges is sufficient.

---

## Key Indicators for SOC Teams

Risk Score: 30/100
Provider: Cloudflare (AS13335)
Subnet Abuse Density: 97.3% (neighborhood context)
Service Type: CDN/Proxy
Block Recommendation: No - Allow with monitoring

This IP represents legitimate CDN infrastructure. The high neighborhood abuse density reflects Cloudflare's role in absorbing malicious traffic rather than indicating direct threat from this specific endpoint.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	22
City	Sofia
Timezone	—
Latitude	42.70
Longitude	23.32

🏢 Ownership & Registration

Organization	Cloudflare, Inc.
ASN	AS13335
Network Name	—
CIDR Block	162.158.208.0/22
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CDN

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	29%	2	4
routing	27%	4	5
services	15%	2	2
ownership	24%	3	4
reputation	28%	1	3
geolocation	27%	2	3
Overall	25%	14	21

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	High (80%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-13 06:37:17 UTC
Last Seen	2026-06-27 22:35:46 UTC
Profile Built	2026-06-28 16:39:34 UTC
Data Freshness	Live
Signal Types	26
Total Observations	30

🔍 26 signal types · 30 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

162.158.210.103📋 Copy