20.151.5.99
# INTELLIGENCE BRIEFING: 20.151.5.99/32
Classification: Azure Infrastructure Endpoint
Date: 2026-06-15
Risk Level: Moderate (50/100)
---
## EXECUTIVE SUMMARY
IP 20.151.5.99 is a Microsoft Azure cloud compute endpoint located in Redmond, WA, US (ASN 8075). The IP operates HTTPS services on port 443 and presents as legitimate Microsoft infrastructure. Risk score of 50/100 indicates moderate classification, requiring contextual evaluation before blocking actions. No active threat indicators detected.
---
## INFRASTRUCTURE PROFILE
Ownership:
- Organization: Microsoft Corporation
- ASN: 8075 (MSFT)
- BGP Prefix: 20.150.0.0/15
- RIR: ARIN
Network Role:
- Infrastructure Type: Cloud Compute
- Classification: Microsoft Azure
- Hosting Status: Active
- Connection Type: Internet-facing
Geolocation:
- Country: United States (US)
- Region: Washington (WA)
- City: Redmond
- Coordinates: 47.67°N, -122.12°W
- Geo Validation: Plausible (2 sources)
---
## SERVICE FINGERPRINT
| Parameter | Value |
|---|---|
| Open Ports | TCP/443 (HTTPS) |
| TLS Issuer | Microsoft TLS G2 RSA CA OCSP 02 |
| TLS Subject | bst-66cec088-fa5a-40eb-8aa1-0df3a608a967.test.bastion.azure.com |
| HTTP Version | 2.0 |
| Server Banner | Kestrel |
| DNSSEC | Valid |
| SPF Record | Present |
| DMARC Record | Present |
---
## THREAT INTELLIGENCE
Threat Indicators:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None
Control Plane:
- DNSBL Listed: 2 of 8 total lists
- Route Stability: False
- Operator Score: 0.1304 (Minimal)
- RPKI State: Not verified
- IRR Consistency: Not verified
Historical Signals:
- Total Observations: 24
- Threat Persistence Days: 0
- Ownership Changes: 0
- Last Updated: 2026-06-15
---
## NEIGHBORHOOD ANALYSIS
Subnet: 20.151.5.99/24
- Abuse Density: 0
- Classification: Clean
- Threat Siblings: 0
- Active Siblings: 1
- Total Siblings: 1
---
## RELATIONSHIP GRAPH
Connected Entities: 21 relationships identified
- All relationships classified as "Same Network" (MSFT)
- No external network associations detected
- No certificate or hostname relationships beyond Microsoft infrastructure
---
## RECOMMENDATIONS
Risk Assessment: The moderate risk score (50/100) is attributable to DNSBL presence (2/8 lists) and route instability, not active malicious behavior. Given the confirmed Microsoft Azure infrastructure status, blocking is not recommended unless additional contextual signals indicate abuse.
If Block Required:
```bash
# iptables
iptables -A INPUT -s 20.151.5.99 -j DROP
# nftables
nft add rule inet filter input ip saddr 20.151.5.99 drop
# Cloudflare WAF
{"description":"Block 20.151.5.99 โ IPDebrief risk score 50", "action":"block", "filter":{"expression":"ip.src eq 20.151.5.99"}}
# AWS WAF
{"Addresses":["20.151.5.99/32"],"Description":"IPDebrief risk 50"}
```
Operational Notes:
- Firewall rules marked as probabilistic; verify with additional signals
- Route instability flagged; monitor for BGP changes
- DNSSEC validation confirmed; trust relationship established
- No actionable threat intelligence requiring immediate response
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | Kestrel |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | bst-66cec088-fa5a-40eb-8aa1-0df3a608a967.test.bastion.azure.combst-66cec088-fa5a-40eb-8aa1-0df3a608a967-0.test.bastion.azure.combst-66cec088-fa5a-40eb-8aa1-0df3a608a967-1.test.bastion.azure.com |
| Valid From | 2026-05-29T22:09:31+00:00 |
| Valid Until | 2026-11-25T22:09:31+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384RSA |
| Validity Period | 180 days |
| Serial Number | 41003E3AB1B8DC78239293DFF40000003E3AB1 |
| Thumbprint | 976CE2011D11973EC9E71F03455A4AF1A7EDDAB3 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Mixed Signals (68%) โ 2 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
โ TLS certificate claims US but primary geo says CA
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-16 21:00:19 UTC |
| Last Seen | 2026-06-28 03:55:56 UTC |
| Profile Built | 2026-06-28 22:00:43 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 25 |
Full dossier details are available via our API.