20.2.83.149
# IP INTELLIGENCE BRIEFING: 20.2.83.149/32
Classification: Moderate Risk | Date: Current Analysis
Platform: IPDebrief Threat Intelligence
---
## EXECUTIVE SUMMARY
IP address 20.2.83.149 operates within Microsoft Azure infrastructure and presents moderate-risk characteristics. The address is registered to Microsoft Corporation (ASN 8075) with geolocation consensus pointing to Hong Kong. The IP is listed on 2 out of 8 DNSBLs and shows one active threat sibling in its /24 subnet. No active threat campaigns or known attacker indicators observed.
---
## PROFILE DETAILS
Ownership & Registration:
- ASN: 8075 (Microsoft Corporation)
- Country: Hong Kong (HK)
- RIR: ARIN
- Infrastructure Type: Cloud Compute (Microsoft Azure)
- Network Role: Cloud Hosting Provider
Risk Assessment:
- Overall Risk Score: 50/100 (Moderate Risk)
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
Control Plane Data:
- BGP Prefix: 20.0.0.0/11
- Route Stability: Not stable
- Operator Score: 0.2174 (Minimal)
- DNSBL Listings: 2 of 8 lists
- DNSSEC: Valid
- CAA Records: Present
---
## NETWORK FINGERPRINT & SERVICES
Open Ports:
- TCP/80 (HTTP)
- TCP/443 (HTTPS)
- TCP/22 (SSH)
Service Identification:
- Web Server: nginx/1.24.0 (Ubuntu)
- SSH: OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- TLS Certificate: Let's Encrypt (CN=diaryaku.duckdns.org)
- TLS Protocol: TLS 1.3
---
## THREAT INDICATORS
Current Threat Status:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Active Campaigns: None
- Blacklist Count: 2
Geolocation Validation:
- Geo Plausible: Yes
- Distance: 9,173.5 km from probe location
- Status: ICMP blocked - unable to validate
---
## OBSERVATION HISTORY
Signal Count: 24 observations recorded
Temporal Activity: Observations span from mid-June 2026
Key Observations:
- HTTP fingerprinting shows consistent nginx/1.24.0 server banner
- TLS scanning confirms TLS 1.3 with strong cipher suites (TLS_AES_256_GCM_SHA384)
- Operator scoring assessments indicate minimal operator risk (0.2174)
- Multiple DNS and routing signals collected
Risk Trajectory: IP maintains stable moderate-risk profile with no escalation patterns observed.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 20.2.83.149/24
Abuse Density: 1
Classification: Mostly Clean
Sibling Statistics:
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
Risk Distribution: High: 0 | Medium: 0 | Low: 0
---
## RELATIONSHIP GRAPH
Direct Associations: 52 relationships identified
- Primary Association: Same Network (MSFT) - 47+ instances
- Indicates strong Microsoft infrastructure clustering
---
## SOC ACTIONS & RECOMMENDATIONS
Based on risk profile and threat indicators, the following actions are recommended:
Monitoring:
- No immediate blocking recommended
- Monitor for changes in DNSBL listing status
- Track neighborhood threat sibling activity
Rule Recommendations:
- No specific iptables/nftables rules required
- No Cloudflare WAF or AWS WAF rules generated
- Standard cloud security policies apply
Classification Flags:
- Is Cloud: Yes
- Is Hosting: Yes
- Is CDN/Proxy/VPN/Tor: No
- Is Bogon/Residential/Mobile: No
---
Intel Confidence: Standard | Data Sources: IPDebrief Intelligence Platform
Analysis Complete: Current timestamp
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.24.0 (Ubuntu) |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | diaryaku.duckdns.org |
| Valid From | 2026-06-15T09:45:29+00:00 |
| Valid Until | 2026-09-13T09:45:28+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 05EA64E665E6D37A3A7BEC12648A2DB55899 |
| Thumbprint | 9D0750A2CC09D7056A096F5B6D514CCB7942F07C |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 25% | 2 | 4 |
| ownership | 17% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 12:12:42 UTC |
| Last Seen | 2026-06-27 23:11:43 UTC |
| Profile Built | 2026-06-28 17:16:28 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.