162.158.210.218
# IP INTELLIGENCE BRIEFING
Target: 162.158.210.218/32
Classification: Cloudflare CDN Infrastructure
Date: Current
Risk Score: 40 (Moderate Risk)
---
## EXECUTIVE SUMMARY
IP 162.158.210.218 is identified as Cloudflare CDN infrastructure (ASN 13335). While the IP itself shows no direct threat indicators, it resides within a high-abuse subnet (162.158.210.0/24) with an abuse density of 0.8684. The subnet contains 33 threat-sibling IPs out of 38 total siblings. This IP presents a moderate-risk profile requiring contextual evaluation before blocking.
---
## INFRASTRUCTURE ANALYSIS
Ownership & Provider:
- Organization: Cloudflare, Inc.
- ASN: 13335
- RIR: ARIN
- Infrastructure Type: CDN (Firewalled / No Services)
- BGP Prefix: 162.158.208.0/22
Geolocation:
- Country: United States (US)
- City: Sofia
- Accuracy Radius: 2500 km (multi-source consensus)
- Geolocation Confidence: Plausible (5 probes, avg RTT: 127.6ms)
Network Classification:
- CDN: Yes
- Cloud: No
- VPN/Proxy/Tor: No
- Hosting/Residential/Mobile: No
- Anycast: No
---
## THREAT INDICATORS
Direct Threat Signals:
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- Campaign Associations: None
- Threat Feeds: None
DNSBL Status:
- Listed: 1 out of 8 DNSBL lists
- DNSBL Listed Count: 1
Historical Signals (June 2026):
- Consistently identified as CDN infrastructure
- High abuse density subnet classification maintained
- Operator score: 0.1739 (Minimal)
- Threat persistence: 0 days (not persistently malicious)
---
## NEIGHBORHOOD ANALYSIS
Subnet: 162.158.210.0/24
Risk Distribution:
- High Risk: 0 (0%)
- Medium Risk: 23 (62%)
- Low Risk: 14 (38%)
Abuse Metrics:
- Abuse Density: 0.8684 (High)
- Total Siblings: 38
- Active Siblings: 37
- Threat Siblings: 33
Notable Neighbors:
Multiple IPs with risk score 40-50 (162.158.210.10, 162.158.210.41, 162.158.210.248) show elevated risk within the same /24, indicating subnet-level abuse patterns.
---
## RELATIONSHIP MAPPING
Network Relationships:
- 22 relationships identified, all pointing to CLOUDFLARENET
- No external organizational relationships
- No certificate or hostname associations
Network Classification:
- All relationships classified as "Same Network" (CLOUDFLARENET)
- Indicates standard Cloudflare edge infrastructure
---
## RECOMMENDED ACTIONS
Risk-Based Mitigation:
Given the moderate risk score (40) and high-abuse subnet context, the following actions are recommended for evaluation:
| System | Recommended Action |
|---|---|
| iptables | `iptables -A INPUT -s 162.158.210.218 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 162.158.210.218 drop` |
| Nginx | `deny 162.158.210.218;` |
| pfSense | `162.158.210.218/32` |
| Cloudflare WAF | Block IP (risk score 40) |
| AWS WAF | Add 162.158.210.218/32 to blocklist |
Action Notes:
- These recommendations are probabilistic and should be combined with other signals before taking action
- Consider whitelist evaluation if this IP is legitimate CDN traffic for your infrastructure
- Monitor for continued abuse pattern if blocking is implemented
---
## ANALYST NOTES
This IP requires context-aware handling:
1. CDN Infrastructure: As a Cloudflare edge IP, blocking may impact legitimate traffic for protected services
2. Subnet Context: The 86.84% abuse density in the /24 subnet suggests systemic issues with this IP block
3. No Direct Indicators: The IP itself shows no direct attack indicators (blacklists, known campaigns, etc.)
4. Historical Stability: No ownership changes or persistent threat behavior observed
Recommendation: Evaluate whether this IP is in use for your organization's protected services. If not, and given the subnet-level abuse density, blocking with monitoring is recommended. If legitimate CDN traffic is expected, allow with rate-limiting and behavioral monitoring.
---
*Generated by IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-13 06:37:17 UTC |
| Last Seen | 2026-06-27 22:38:41 UTC |
| Profile Built | 2026-06-28 16:44:12 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.