IPDebrief

162.158.210.107

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Subject: 162.158.210.107/32

Date: 2026-06-19

Classification: LOW RISK WITH HIGH-ABUSE SUBNET CONTEXT

---

## EXECUTIVE SUMMARY

IP 162.158.210.107 is a Cloudflare CDN infrastructure endpoint with an individual risk score of 30 (Low Risk). While the IP itself shows no direct threat indicators, the /24 subnet (162.158.210.0/24) exhibits high abuse density (0.8684) with 33 of 37 active siblings classified as threats. SOC teams should monitor this IP for anomalous activity patterns consistent with CDN-based attacks while maintaining standard monitoring posture.

---

## PROFILE ANALYSIS

Ownership & Infrastructure

Geolocation

Threat Indicators

Network Role

---

## OBSERVATION HISTORY

Temporal Analysis (26 Observations)

Historical Trends

---

## NEIGHBORHOOD ANALYSIS

Subnet Context: 162.158.210.0/24

Risk Distribution Among Neighbors

Key Neighbor Observations

Multiple neighbors show consistent risk scores of 30-50 with authority scores of 85, indicating legitimate Cloudflare infrastructure with varying risk profiles. Notable high-risk neighbors include 162.158.210.248 (Risk Score 50) and several IPs in the 162.158.210.194-249 range.

---

## RELATIONSHIP GRAPH

Connected Entities (25 Relationships)

All relationships identified as "Same Network" pointing to CLOUDFLARENET. This confirms the IP is part of Cloudflare's global CDN infrastructure network. No organizational, hostname, or certificate relationships detected beyond network-level associations.

---

## RECOMMENDED ACTIONS

Security Posture: Standard Monitoring

Firewall Rules: None generated (probabilistic assessment indicates low threat)

SOC Team Guidance:

1. Monitor for anomalous traffic patterns inconsistent with CDN behavior

2. Flag for investigation if used in suspicious outbound connections

3. Maintain awareness of high-abuse subnet context when analyzing traffic from this IP

4. No immediate block action recommended per risk profile

---

## CONCLUSION

IP 162.158.210.107 represents legitimate Cloudflare CDN infrastructure with a low individual risk score. However, the high-abuse density of the /24 subnet warrants contextual awareness. SOC teams should treat this IP as benign infrastructure but monitor for activity that deviates from expected CDN behavior patterns. No immediate defensive action required.

Threat Level: LOW

Action Required: STANDARD MONITORING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
Region22
CitySofia
Timezoneβ€”
Latitude42.70
Longitude23.32

🏒 Ownership & Registration

OrganizationCloudflare, Inc.
ASNAS13335
Network Nameβ€”
CIDR Block162.158.208.0/22
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierTier 3 β€” Basic operator with some routing infrastructure
CDN

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
26%
24
routing
27%
45
services
15%
22
ownership
24%
34
reputation
28%
13
geolocation
27%
23
Overall25%1421
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionHigh (80%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-13 06:37:17 UTC
Last Seen2026-06-27 22:36:42 UTC
Profile Built2026-06-28 16:41:54 UTC
Data FreshnessLive
Signal Types26
Total Observations30
πŸ” 26 signal types Β· 30 observations collected
This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.