104.234.140.130
IP Intelligence Briefing: 104.234.140.130
*Generated via IPDebrief Threat Intelligence Platform*
---
**1. Core Profile**
- Risk Score: 40 (Moderate Risk)
- Ownership:
- ASN: 396356
- Organization: SECFIREWALLAS
- Subnet: 104.234.140.0/24
- Geolocation:
- Country: Canada (CA)
- Region/City: Tokyo, Japan (geolocation inconsistency noted)
- Latitude/Longitude: Unavailable
- Network Role:
- Firewalled / No Services
- No CDN, VPN, or proxy indicators
- Subnet Classification: High Abuse (abuse density: 76.92%)
---
**2. Threat Observations**
- Recent Activity:
- Listed in 8 threat feeds (1 high-severity listing, 7 medium).
- Scanned on 2026-05-29 with no open ports detected.
- No DNS resolution or email authentication records.
- Historical Trends:
- Persistent moderate risk since May 2026.
- No significant changes in ownership or threat persistence.
---
**3. Network Relationships**
- Subnet Context:
- Part of 104.234.140.0/24, a high-abuse subnet with 26 total IPs.
- 20/26 IPs in subnet flagged as threats (76.92% abuse density).
- Neighbors:
- All neighbors share similar risk scores (40/50).
- No immediate lateral movement or clustering detected.
---
**4. Behavioral Indicators**
- Services: No open ports or TLS/HTTP services detected.
- BGP/Control Plane:
- Route stability: Unstable (route changes in past 30 days).
- RPKI invalid: No validation records.
- Email/Domain: No SPF, DKIM, or DMARC records.
---
**5. Recommendations**
- Monitoring:
- Continuously monitor for service exposure or subnet-wide compromises.
- Investigate the 8 threat feed listings for potential false positives.
- Mitigation:
- Consider blocking the 104.234.140.0/24 subnet due to high abuse density.
- Validate geolocation anomalies (Tokyo, Japan vs. Canada registration).
- Tools:
- Use IPDebriefβs actions module to generate firewall rules for iptables/nftables.
---
Conclusion: The IP exhibits moderate risk but is part of a high-abuse subnet. While no direct malicious activity is observed, the subnetβs context and threat feed listings warrant closer scrutiny. Prioritize isolating the subnet and validating geolocation discrepancies.
*Generated by IPDebrief Threat Intelligence Platform β Unauthorized use prohibited.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | SECFIREWALLAS |
| ASN | AS396356 |
| Network Name | SG-104-234-140-0 |
| CIDR Block | 104.234.140.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | β |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 19% | 2 | 2 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 18% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 09:39:35 UTC |
| Last Seen | 2026-06-26 15:57:43 UTC |
| Profile Built | 2026-06-26 16:04:47 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.