IP Intelligence Briefing: 172.71.148.114
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Core Profile**
- Risk Assessment: Moderate Risk (Risk Score: 40/100). No direct malicious indicators (no malware, phishing, or C2 activity).
- Ownership:
  - ISP: Cloudflare, Inc. (ASN 13335).
  - Geolocation: Frankfurt am Main, Germany (US-based infrastructure).
- Network Role:
  - CDN Provider: Cloudflare (firewalled / no services exposed).
  - Subnet: 172.71.148.0/24 (high abuse density: 62.5%).
---
**2. Threat & Behavior**
- Malicious Indicators:
  - No known spam, attacker, or Tor exit node activity.
  - No DNSBL listings or TLS certificate anomalies.
- Behavioral Flags:
  - Honeypot Hits: 0.
  - Enumeration Activity: 0.
  - WAF Violations: 0.
---
**3. Network Context**
- Subnet Analysis:
  - Abuse Density: 62.5% (high-risk subnet).
  - Neighbor IPs: 9 total, with 6 high-risk (score ≥ 25) and 3 low-risk.
  - Threat Siblings: 5 IPs in the subnet flagged for abuse.
- Routing:
  - BGP Prefix: 172.71.148.0/24.
  - Route Stability: Unstable (route changes detected in 30 days).
---
**4. Historical Observations**
- Activity Trends:
  - First observed on June 2, 2026 (abuse density analysis).
  - Last observed on June 14, 2026 (no significant changes in risk profile).
- Geolocation Consistency:
  - Plausible location (Frankfurt, Germany) with 296.5 km distance to probe source.
---
**5. Recommended Actions**
- Monitoring:
  - Track subnet (172.71.148.0/24) for unusual traffic patterns or new high-risk neighbors.
  - Verify if Cloudflare IP is part of legitimate CDN operations (e.g., check for known CDN IP ranges).
- Mitigation:
  - Consider rate-limiting or blocking IPs with high-risk scores in the subnet (e.g., 172.71.148.6, 172.71.148.66).
  - Validate DNSSEC and TLS configurations for associated domains (if applicable).
---
Conclusion: This IP is part of a high-abuse subnet managed by Cloudflare. While no direct malicious activity is detected, the subnet's elevated risk profile warrants closer monitoring. SOC teams should focus on correlating this IP with other entities in the subnet and ensure defenses are aligned with Cloudflare's infrastructure characteristics.
*Generated by IPDebrief - Threat Intelligence for SOC Teams*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 43% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:54 UTC |
| Last Seen | 2026-06-27 02:12:29 UTC |
| Profile Built | 2026-06-27 20:17:52 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 27 |