# IP INTELLIGENCE BRIEFING
Subject: 162.158.210.107/32
Date: 2026-06-19
Classification: LOW RISK WITH HIGH-ABUSE SUBNET CONTEXT
---
## EXECUTIVE SUMMARY
IP 162.158.210.107 is a Cloudflare CDN infrastructure endpoint with an individual risk score of 30 (Low Risk). While the IP itself shows no direct threat indicators, the /24 subnet (162.158.210.0/24) exhibits high abuse density (0.8684) with 33 of 37 active siblings classified as threats. SOC teams should monitor this IP for anomalous activity patterns consistent with CDN-based attacks while maintaining standard monitoring posture.
---
## PROFILE ANALYSIS
Ownership & Infrastructure
- Organization: Cloudflare, Inc. (ASN 13335)
- Network Classification: CDN (Content Delivery Network)
- Provider: Cloudflare
- BGP Prefix: 162.158.208.0/22
- Route Stability: Stable (isRouteStable: true)
- RPKI State: Valid
- DNSSEC: Valid
Geolocation
- Country: United States (US)
- City: Sofia
- Accuracy Radius: 2500km
- Min RTT: 122ms | Avg RTT: 125.4ms
Threat Indicators
- Risk Score: 30 (Low Risk)
- Abuse Confidence: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listed: 1 of 8 lists
Network Role
- Infrastructure Type: CDN
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- TLS Certificate: Not applicable
---
## OBSERVATION HISTORY
Temporal Analysis (26 Observations)
- Latest Classification: high_abuse (2026-06-19)
- Inherited Risk Score: 34
- Abuse Density: 0.8684
- Subnet Classification: 162.158.210.107/24
Historical Trends
- Provider consistently identified as Cloudflare
- Route stability maintained throughout observation period
- No ownership changes detected
- Threat persistence: 0 days
---
## NEIGHBORHOOD ANALYSIS
Subnet Context: 162.158.210.0/24
- Total Siblings: 38
- Active Siblings: 37
- Threat Siblings: 33
- Abuse Density: 0.8684 (High)
- Subnet Classification: high_abuse
Risk Distribution Among Neighbors
- High Risk: 0 IPs
- Medium Risk: 24 IPs (Risk Score 30-40)
- Low Risk: 13 IPs
Key Neighbor Observations
Multiple neighbors show consistent risk scores of 30-50 with authority scores of 85, indicating legitimate Cloudflare infrastructure with varying risk profiles. Notable high-risk neighbors include 162.158.210.248 (Risk Score 50) and several IPs in the 162.158.210.194-249 range.
---
## RELATIONSHIP GRAPH
Connected Entities (25 Relationships)
All relationships identified as "Same Network" pointing to CLOUDFLARENET. This confirms the IP is part of Cloudflare's global CDN infrastructure network. No organizational, hostname, or certificate relationships detected beyond network-level associations.
---
## RECOMMENDED ACTIONS
Security Posture: Standard Monitoring
- Risk Level: Low (Score: 30)
- Recommended Action: No immediate blocking required
- Monitoring Level: Standard
Firewall Rules: None generated (probabilistic assessment indicates low threat)
SOC Team Guidance:
1. Monitor for anomalous traffic patterns inconsistent with CDN behavior
2. Flag for investigation if used in suspicious outbound connections
3. Maintain awareness of high-abuse subnet context when analyzing traffic from this IP
4. No immediate block action recommended per risk profile
---
## CONCLUSION
IP 162.158.210.107 represents legitimate Cloudflare CDN infrastructure with a low individual risk score. However, the high-abuse density of the /24 subnet warrants contextual awareness. SOC teams should treat this IP as benign infrastructure but monitor for activity that deviates from expected CDN behavior patterns. No immediate defensive action required.
Threat Level: LOW
Action Required: STANDARD MONITORING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | - |
| CIDR Block | 162.158.208.0/22 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 27% | 4 | 5 |
| services | 15% | 2 | 2 |
| ownership | 24% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 25% | 14 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | High (80%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 06:37:17 UTC |
| Last Seen | 2026-06-27 22:36:42 UTC |
| Profile Built | 2026-06-28 16:41:54 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 30 |