IP Intelligence Briefing: 20.229.115.183
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership: Microsoft Corporation (ASN 8075)
- Geolocation:
  - Country: US
  - City: Amsterdam (potential data discrepancy; aligns with Microsoft's global infrastructure).
- Network Role: Microsoft Azure cloud compute service (Hosting/Web Server).
- Services:
  - HTTP (port 80), HTTPS (port 443), SSH (port 22), HTTP-alt (port 8080).
  - Server banner: Caddy.
---
**2. Threat Indicators**
- No Malicious Activity Detected:
  - No indicators of spam, attacks, or Tor exit nodes.
  - Zero blacklist listings or threat campaign correlations.
- Connection Issues:
  - One "connection_failed" observation (June 14, 2026).
- Subnet abuse density: 1/10 (mostly clean).
---
**3. Network Relationships**
- Linked Entities:
  - Microsoft Azure network (MSFT) via same ASN (8075).
  - No external subnets or hostnames associated.
---
**4. Neighborhood Analysis**
- Subnet: 20.229.115.183/24
- Neighbor Data:
  - 0 active siblings in the subnet.
  - No neighboring IPs reported (possibly a /24 subnet with only this IP).
- Abuse Density: 0% (clean).
---
**5. Observation History**
- Recent Activity (June 2026):
  - June 14: Connection failure (HTTPS).
  - June 10: Subnet analysis (mostly clean, 1 threat sibling).
  - June 10: Ownership stable (no changes).
- Trend: No persistent malicious behavior; risk score remains low.
---
**6. Recommended Actions**
- Monitoring:
  - Track connection failures and verify HTTPS service stability.
  - Monitor for unexpected changes in ownership or subnet abuse density.
- Firewall Rules (Sample):
  - iptables: `iptables -A INPUT -s 20.229.115.183 -j DROP`
  - Cloudflare WAF: Block IP with description "IPDebrief risk score 50."
  - AWS WAF: Add `20.229.115.183/32` to a custom rule.
---
Conclusion:
This IP is a legitimate Microsoft Azure cloud server with no current malicious activity. The moderate risk score is likely due to sporadic connection issues. SOC teams should monitor for anomalies but prioritize other high-risk assets unless this IP is part of a broader suspicious network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | - |

| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) |
| Server | Caddy |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-22 18:17:15 UTC |
| Last Seen | 2026-06-28 20:03:06 UTC |
| Profile Built | 2026-06-29 08:07:18 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 22 |