IP Intelligence Briefing: 172.71.172.205
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Rating: Moderate (Score: 40/100)
- Ownership:
  - Provider: Cloudflare, Inc. (ASN: 13335)
  - Geolocation: Frankfurt am Main, Hesse, Germany (US-based infrastructure)
- Network Role:
  - CDN Node: Part of Cloudflare's global CDN infrastructure (no direct services exposed).
  - Subnet: 172.71.172.0/24 (high abuse density: 66.67%).
- Threat Indicators:
  - No malicious activity, spam, or known attacker associations.
  - DNS/Services: No open ports, TLS certs, or HTTP services detected.
---
**2. Observation History**
- Stability: Stable over time (no significant risk changes).
- Key Trends:
  - Consistent classification as a "Moderate Risk" CDN node.
  - Subnet abuse density remains high (0.6667), but this IP shows no direct malicious signals.
---
**3. Relationships**
- Network Links:
  - Linked to 20+ Cloudflare IPs in the same /24 subnet.
  - No ties to Tor, VPNs, or mobile carriers.
- Threat Correlation:
  - No known campaigns or malicious certificates associated.
---
**4. Neighborhood Analysis**
- Subnet Overview:
  - Total IPs: 9 in the 172.71.172.0/24 subnet.
  - Risk Distribution: 6 IPs flagged as "Moderate Risk" (40-50), 3 with "Low Risk" (40).
  - Abuse Density: High (66.67%), suggesting potential for lateral movement or shared infrastructure risks.
- Notable Neighbors:
  - 172.71.172.183: Higher risk (50/100).
  - 172.71.172.197: Moderate risk (40/100).
---
**5. Recommendations**
- Monitoring:
  - Track the 172.71.172.0/24 subnet for unusual activity due to high abuse density.
  - Monitor neighbors like 172.71.172.183 for potential lateral movement.
- Mitigation:
  - No immediate action required for this IP, but consider implementing network segmentation to isolate CDN traffic.
- Tools:
  - Use IPDebrief's compare tool to analyze high-risk neighbors (e.g., 172.71.172.183) for deeper insights.
---
Conclusion: This IP is a legitimate Cloudflare CDN node with no direct malicious indicators. However, its subnet's high abuse density warrants closer scrutiny. SOC teams should prioritize monitoring the subnet and its neighbors for emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Cloudflare, Inc. |
| ASN | AS13335 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:03:54 UTC |
| Last Seen | 2026-06-27 02:13:39 UTC |
| Profile Built | 2026-06-27 20:20:17 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |