172.71.172.117
IP Intelligence Briefing: 172.71.172.117
Date: 2026-06-13
---
**1. Core Profile**
- Risk Score: Moderate (40/100)
- Ownership:
- ISP: Cloudflare, Inc. (ASN 13335)
- Network: CLOUDFLARENET (172.64.0.0/13)
- Geolocation:
- Country: United States (US)
- Region: CA (California)
- Coordinates: Approximate (39.83°N, -98.58°W)
- Network Role:
- Type: CDN (Cloudflare)
- Classification: Firewalled / No Services
---
**2. Threat Indicators**
- Direct Threats: No malicious indicators (no malware, spam, or known attacker tags).
- DNSBL Listings:
- Listed in 1 DNSBL (abuse confidence score: 0.13).
- Subnet Context:
- Abuse Density: 66.67% (high abuse classification).
- Neighbor Risk: 8/9 sibling IPs in the 172.71.172.0/24 subnet have moderate risk scores (40/100).
---
**3. Observation History**
- Recent Activity (Last 30 Days):
- No persistent malicious behavior.
- DNS Resolution: Stable (no recent changes).
- Geolocation Consensus: Plausible (US origin).
- Key Trends:
- No spikes in threat signals or network anomalies.
---
**4. Network Relationships**
- Linked Entities:
- Same Network: CLOUDFLARENET (172.64.0.0/13).
- Subnet: 172.71.172.0/24 (abuse classification: high).
- Neighbors:
- 8 IPs in the subnet (e.g., 172.71.172.30, 172.71.172.49).
- Risk Distribution: 8 IPs with moderate risk scores (40/100).
---
**5. Actionable Insights**
- SOC Recommendations:
- Monitor Subnet: High abuse density in 172.71.172.0/24 warrants closer scrutiny.
- Check DNSBLs: Investigate the 1 DNSBL listing for specific threats.
- Block Neighbors: Consider blocking high-risk neighbors if traffic patterns suggest malicious activity.
- Firewall Rules:
- Temporarily restrict traffic from 172.71.172.0/24 to isolate potential threats.
---
Conclusion:
172.71.172.117 is a legitimate Cloudflare CDN IP with no direct malicious activity. However, its subnet exhibits high abuse density, suggesting potential collateral risk. SOC teams should monitor the subnet for suspicious behavior and validate DNSBL listings for deeper threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | CLOUDFLARENET |
| CIDR Block | 172.64.0.0/13 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 37% | 2 | 3 |
| Overall | 25% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Fresh
| First Seen | 2026-06-05 07:04:53 UTC |
| Last Seen | 2026-06-21 12:08:11 UTC |
| Profile Built | 2026-06-21 15:30:48 UTC |
| Data Freshness | Fresh |
| Signal Types | 19 |
| Total Observations | 21 |
Full dossier details are available via our API.