172.71.148.71
IP Intelligence Briefing: 172.71.148.71
Date: June 8, 2026
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Provider: Cloudflare (ASN 13335)
- Geolocation: Frankfurt am Main, Germany (US region in dataset)
- Network Role: CDN infrastructure (no services/open ports detected)
- Threat Indicators: No malicious activity, no known campaigns, no blacklist entries.
---
**2. Observation History**
- Recent Activity (June 8, 2026):
- Minimal risk score (0.13) with high DNSSEC validity.
- Subnet abuse density: 71.43% (high abuse classification).
- No persistent malicious behavior; threat observation count: 1.
- Historical Trends:
- Stable ownership (no changes in 30 days).
- No spikes in threat signals or network anomalies.
---
**3. Network Relationships**
- Linked Entities:
- Part of CLOUDFLARENET (ASN 13335).
- No direct ties to hostnames, organizations, or certificates.
- Subnet Context:
- 172.71.148.0/24 subnet.
- 9 sibling IPs in the subnet:
- 6 IPs with moderate risk (40/100).
- 3 IPs with low risk (0/100).
- Abuse density: 71.43% (high risk).
---
**4. Neighborhood Analysis**
- Neighbor IPs:
- 172.71.148.6, 89, 114, 177, 178, 181 (moderate risk, 40/100).
- 172.71.148.66, 184, 185 (low risk, 0/100).
- Key Insight:
- High abuse density in the subnet suggests potential for malicious activity in the vicinity.
- No direct ties to known attackers or spam sources.
---
**5. Recommendations**
- Monitoring:
- Track subnet (172.71.148.0/24) for unusual traffic patterns or new high-risk neighbors.
- Verify if Cloudflareβs CDN infrastructure is being leveraged for unexpected purposes.
- Mitigation:
- No immediate action required for this IP, but consider blocking the subnet if suspicious activity is detected.
- Validate DNSSEC and BGP route stability for associated networks.
---
Conclusion:
172.71.148.71 is a legitimate Cloudflare CDN IP with no direct malicious indicators. However, its subnet exhibits high abuse density, warranting closer scrutiny. SOC teams should prioritize monitoring the subnet for lateral movement or emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-18 03:22:02 UTC |
| Last Seen | 2026-06-28 06:02:53 UTC |
| Profile Built | 2026-06-29 00:08:27 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |
Full dossier details are available via our API.