104.210.140.134
# INTELLIGENCE BRIEFING: 104.210.140.134/32
## Executive Summary
IP address 104.210.140.134 is registered to Microsoft Corporation (ASN 8075) and operates within Microsoft Azure cloud infrastructure. The IP carries a moderate risk score of 40 and resides in a subnet with high abuse density (0.625). Despite being cloud infrastructure, the subnet's elevated threat profile warrants monitoring and potential blocking depending on organizational security policies.
## Ownership and Geolocation
- Organization: Microsoft Corporation
- ASN: 8075
- Location: San Antonio, Texas, United States (29.43°N, 98.49°W)
- Geographic Consensus: Validated across multiple sources
- Registration RIR: ARIN
## Network Classification
- Infrastructure Type: Cloud infrastructure (Microsoft Azure)
- Network Role: Firewalled / No Services Open
- Anycast Status: No
- Proxy/VPN/Tor Exit: No
- Hosting Provider: No (Microsoft cloud compute)
- Mobile/Residential: No
## Threat Indicators Assessment
- Abuse Confidence Score: Not explicitly flagged
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Threat Feeds: No active indicators
- Malicious Campaign Affiliation: None detected
## Neighborhood Analysis (104.210.140.0/24)
- Subnet Classification: High Abuse
- Abuse Density: 0.625
- Total Siblings: 16
- Active Siblings: 10
- Threat Siblings: 10
- Inherited Risk Score: 25
- Neighbor Risk Distribution: 15 medium-risk IPs (scores 40-50), 0 high-risk
All 15 neighboring IPs in the /24 subnet show risk scores of 40-50, with consistent authority scores of 50. This indicates a Microsoft Azure subnet segment with uniformly elevated risk characteristics.
## Historical Observations
Eighteen signal observations were recorded over the observation period:
- Most Recent: 2026-06-26
- Infrastructure Consistency: Persistent cloud infrastructure identification
- Ownership Stability: No ownership changes detected
- Threat Persistence: No persistent malicious behavior observed
- DNSSEC: Valid
- BGP Prefix: 104.208.0.0/13
- Route Stability: Not stable (route changes observed)
## Service and Port Analysis
- Open Ports: None detected
- TLS Certificate: Not available
- HTTP Title/Server Banner: Not available
- Hosted Domains: 0
- DNS Records: No forward resolution confirmed
## Recommended Security Actions
Based on the risk profile (40/100), the following firewall rules are recommended:
| Platform | Rule |
|---|---|
| iptables | `iptables -A INPUT -s 104.210.140.134 -j DROP` |
| nftables | `nft add rule inet filter input ip saddr 104.210.140.134 drop` |
| nginx | `deny 104.210.140.134;` |
| pfSense | `104.210.140.134/32` |
| Cloudflare WAF | Block with description "IPDebrief risk score 40" |
| AWS WAF | Add to blocked addresses list |
## Intelligence Assessment
The IP address is part of Microsoft Azure cloud infrastructure but operates within a subnet exhibiting high abuse density. While the IP itself shows no direct malicious indicators, the neighborhood context (10 threat siblings in a 16-IP subnet) suggests elevated risk for the broader network segment. The moderate risk score (40) combined with the high-abuse subnet classification warrants defensive posture adoption.
Recommendation: Implement blocking rules per the firewall recommendations above. Monitor for any changes in threat indicators or service activity. The cloud infrastructure nature suggests legitimate enterprise use, but the subnet-level abuse patterns indicate potential for compromised resources or abuse within the Microsoft Azure environment.
---
*Intel produced by IPDebrief analysis. All data sourced from automated observation and threat intelligence feeds. Timestamp: Current analysis session.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 09:39:35 UTC |
| Last Seen | 2026-06-27 21:06:24 UTC |
| Profile Built | 2026-06-28 15:13:03 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 23 |
Full dossier details are available via our API.