140.99.130.224

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

IP INTELLIGENCE BRIEFING

Target: 140.99.130.224/32

Classification: LOW RISK / INFRASTRUCTURE

Date: 2026-06-26

---

EXECUTIVE SUMMARY

IP 140.99.130.224 presents as a low-risk infrastructure endpoint with a reputation score of 25/100. The address is owned by Internet Utilities NA LLC (ASN 212238) and registered under the Oakland, CA geolocation. No active threat indicators were identified, with zero open ports detected on the host.

OWNERSHIP & NETWORK CLASSIFICATION

Organization: Internet Utilities NA LLC
ASN: 212238
CIDR Block: 140.99.130.0/24
Network Classification: Not a CDN, VPN, proxy, Tor exit, or hosting service
Service Status: Firewalled / No Services exposed
IP Reputation: Low Risk

GEOLOCATION VALIDATION

Claimed Location: Oakland, CA, US
Validation Status: Geo-plausible (5 probe samples)
Distance Anomaly: 10,382.9 km reported distance from claimed coordinates
Minimum Possible RTT: 207.7ms
Average RTT: 260.4ms
Note: Significant distance discrepancy warrants geographic validation against connection logs

THREAT INDICATORS

Blacklist Status: Listed on 1 of 8 DNS blacklist feeds (high severity)
Tor Exit Node: No
Known Attacker: No
Spam Source: No
Campaign Correlation: 0 associated campaigns
Abuse Confidence: Low

NEIGHBORHOOD ANALYSIS

Subnet Abuse Density: 0% (clean)
Classification: Mostly clean
Threat Siblings in /24: 1
Active Siblings: 0
Risk Distribution: No high or medium risk neighbors detected

OBSERVATION HISTORY

Total Observations: 19
Recent Activity: DNS blacklist activity observed June 2026 (1 of 8 lists)
Historical ASN Signals: AS7029 Windstream Communications LLC referenced in historical data
Persistence: Not persistently malicious

RELATIONSHIP GRAPH

Related Entities: 14 relationships identified
Primary Association: NETUTILS network
Connection Type: Same Network relationships

RECOMMENDED ACTIONS

Risk Score: 25 (Low Risk)
Firewall Action: No immediate blocking required
Monitoring: Monitor for changes in blacklist status or service exposure
Investigation Priority: Low

SOC ANALYST NOTES

1. The IP maintains a low-risk posture with no active threat indicators

2. DNS blacklist listing (1 of 8) should be verified for current relevance

3. Geographic distance anomaly (claimed Oakland vs. 10,382 km distance) may indicate routing anomalies or misconfiguration

4. The /24 subnet shows minimal abuse density; threat sibling of 1 should be investigated for potential lateral relationships

5. No services detected; IP appears to be a passive endpoint with firewall protection

FINAL ASSESSMENT

This IP address represents a low-risk infrastructure endpoint with minimal threat activity. Standard monitoring procedures are recommended without immediate blocking actions.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	CA
City	Oakland
Timezone	—
Latitude	1.29
Longitude	103.85

🏢 Ownership & Registration

Organization	Internet Utilities NA LLC
ASN	AS212238
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Web Server
Network Tier	Unknown — Insufficient routing data to classify

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	nginx
HTTP Title	—

🔐 TLS Certificate

A self-signed certificate was detected. This is common for development servers, internal services, or IoT devices.

⚠️

CN=host.dragency.net, OU=IT, O=Hestia Control Panel, L=San Francisco, S=California, C=US

Issued by CN=host.dragency.net, OU=IT, O=Hestia Control Panel, L=San Francisco, S=California, C=US

Self-signed: Yes

SANs	None
Valid From	2025-10-25T15:41:17+00:00
Valid Until	2026-10-25T15:41:17+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_128_GCM_SHA256
Signature Algorithm	sha256RSA
Validity Period	365 days
Serial Number	084DF5AE5232BB3D29D90E78BC614ADC9864CE42
Thumbprint	31E128116C9112177F2390876B27BF1D58856D18

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	3
routing	13%	1	1
services	8%	1	1
ownership	24%	2	3
reputation	22%	1	3
geolocation	27%	2	3
Overall	20%	9	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-11 15:04:03 UTC
Last Seen	2026-06-26 10:03:37 UTC
Profile Built	2026-06-26 10:38:50 UTC
Data Freshness	Live
Signal Types	21
Total Observations	21

🔍 21 signal types · 21 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

140.99.130.224📋 Copy