# IP INTELLIGENCE BRIEFING: 135.13.28.35/32
- Classification: Moderate Risk (Score: 50/100)
- Date: Current Assessment
- Analyst: IPDebrief Intelligence Team
## Executive Summary
IP address 135.13.28.35 is registered to Microsoft Azure (ASN 8075) and is hosted in Chennai, Tamil Nadu, India. The IP operates within a cloud compute environment with minimal active services. Historical observations indicate persistent cloud infrastructure with sporadic DNSBL listings. The IP presents moderate risk due to cloud hosting classification and historical blacklist associations.
## Technical Profile
| Attribute | Value |
|---|---|
| **IP Address** | 135.13.28.35/32 |
| **Risk Score** | 50 (Moderate) |
| **ASN** | 8075 |
| **Organization** | Microsoft Azure |
| **Country/Region** | India (IN), Tamil Nadu, Chennai |
| **Infrastructure Type** | CloudCompute |
| **Cloud Provider** | Microsoft Azure |
| **DNSBL Listed** | 2 of 8 lists |
| **Geolocation Confidence** | Low (2250 km accuracy radius) |
## Threat Intelligence Assessment
### Indicators of Compromise
- Blacklist Status: Listed on 2 DNSBL entries (out of 8 total threat feeds)
- Campaign Association: No known attack campaigns correlated
- Tor Exit Node: Not detected
- Known Attacker: No indicators in threat databases
- Spam Source: Not classified as spam source
### Network Behavior
- Service Exposure: Firewalled / No services detected
- Open Ports: None identified
- TLS/Certificate: No certificate data available
- PTR Records: None resolved
### Control Plane Analysis
- BGP Prefix: 135.13.0.0/16
- Route Stability: Unstable (route changes detected in last 30 days)
- RPKI State: Not verified
- Operator Score: 0.1304 (Minimal)
## Neighborhood Analysis
- Subnet: 135.13.28.0/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1

The /24 subnet exhibits low abuse density, consistent with Microsoft Azure cloud infrastructure patterns. The single threat sibling may represent related infrastructure activity within the same cloud provider network.
## Historical Observations
The IP has generated 16 signal observations since initial discovery, with the most recent recorded on 2026-06-29. Historical data shows:
- Consistent cloud infrastructure classification
- Sporadic DNSBL listing activity (2 lists)
- Minimal service exposure changes
- No persistent malicious behavior indicators
- Ownership and registration stable
## Recommended Actions
Based on the risk profile, the following defensive measures are recommended:
Immediate Blocking:
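```bash
# iptables: -A appends to the end of INPUT, so an earlier ACCEPT rule can still match first
iptables -A INPUT -s 135.13.28.35 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 135.13.28.35 drop
```
```nginx
# nginx: configuration directive (http, server or location context), not a shell command
deny 135.13.28.35;
```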
WAF/Cloud Security:
- Cloudflare WAF: Block via IP expression filter
- AWS WAF: Add to IP set for blocking
- pfSense: Apply rule for 135.13.28.35/32
Monitoring Priorities:
- Monitor for service exposure changes on this IP
- Track DNSBL listing updates
- Watch for correlated activity in 135.13.28.0/24 subnet
## Intelligence Narrative
135.13.28.35 represents a Microsoft Azure cloud compute endpoint in India. The moderate risk classification stems from historical DNSBL associations and route instability, rather than active malicious behavior. The IP currently presents a low service attack surface with no open ports or exposed services. Cloud hosting environments in this subnet show low abuse density, suggesting legitimate infrastructure usage. However, the persistent presence on DNSBL lists warrants continued monitoring and defensive blocking until threat indicators diminish.
---
Status: Monitor | Confidence: Medium | Next Review: 7 days
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Divya Quamara |
| ASN | AS8075 |
| Network Name | cloud |
| CIDR Block | 135.13.0.0/17 |
| RIR | ARIN |
| Country | IN |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 20% | 9 | 13 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-25 06:41:01 UTC |
| Last Seen | 2026-06-29 01:09:08 UTC |
| Profile Built | 2026-06-29 07:11:15 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 17 |