Cloudflare Intelligence
Cloudflare operates one of the world's largest CDN, DNS, and reverse proxy networks, with data centers in 300+ cities and peering with thousands of networks. This gives them unique visibility into internet routing, traffic patterns, and security threats. We integrate three Cloudflare data sources to enrich our lookups on robtex.com, rtsak.com, and dns.ninja.
Source:Cloudflare Intelligence
Cloudflare IP Ranges
Cloudflare publishes the official IP address ranges used by their CDN and reverse proxy infrastructure. When a domain uses Cloudflare's proxy service (the "orange cloud"), its DNS records point to Cloudflare IPs rather than the origin server.
The published ranges (both IPv4 and IPv6 CIDR blocks) are used by:
- Web servers — origin servers whitelist Cloudflare IPs to block direct access
- Network operators — ISPs identify Cloudflare-proxied traffic for routing policy
- Security tools — determine whether a domain hides its origin behind Cloudflare's proxy
When a domain resolves to a Cloudflare IP, reverse DNS returns Cloudflare's PTR records, not the target domain's. IP reputation for shared Cloudflare IPs reflects the entire edge node, not any individual website.
Cloudflare Radar BGP
Cloudflare Radar exposes BGP routing intelligence from AS13335, one of the most connected autonomous systems on the internet. Their massive peering footprint provides visibility that complements academic measurement projects like RouteViews and RIPE RIS:
- BGP hijack detection — unauthorized origin changes for IP prefixes
- Route leak detection — prefixes propagated beyond their intended scope
- Routing anomaly alerts — sudden AS path changes, new more-specific announcements, connectivity disruptions
- RPKI validation status — which prefixes have valid, invalid, or missing ROAs
What makes Cloudflare's BGP view distinctive is its operational relevance. Unlike passive measurement projects that simply observe routing, Cloudflare actively uses BGP data to route real traffic. Their anomaly detection is validated against actual traffic impact, not theoretical analysis.
Cloudflare Radar ASN Intelligence
Through the Radar platform, Cloudflare surfaces AS-level analytics derived from HTTP/HTTPS traffic across millions of websites:
- Traffic volume and trends — relative traffic levels, outages, and growth per AS
- Protocol adoption — HTTPS, HTTP/2, HTTP/3 (QUIC), IPv6 usage rates
- Bot traffic percentage — automated vs human traffic based on Cloudflare's bot detection
- Attack traffic — DDoS, credential stuffing, and other malicious traffic volume
- Network type classification — residential ISP, hosting, enterprise, or mobile carrier
This data is unique because it comes from actual application-layer traffic, not routing tables. BGP tells you how traffic is routed; Cloudflare Radar tells you what traffic is actually flowing.
How We Use This Data
On robtex.com and rtsak.com, we combine all three Cloudflare data sources:
- IP lookups — identify Cloudflare-proxied domains, explain shared-IP reverse DNS behavior
- AS profiles — display traffic characteristics, bot percentage, attack signals alongside BGP routing data
- Prefix analysis — cross-reference Cloudflare's routing health assessment with RouteViews and RIPE RIS data
- Domain lookups on dns.ninja — flag Cloudflare-proxied domains to explain proxy behavior
When all vantage points (Cloudflare, RouteViews, RIPE RIS) report consistent routing for a prefix, that represents strong confidence. When they disagree, it highlights the importance of multi-source analysis.