IPDebrief

20.83.40.172

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 20.83.40.172/32

Classification: Moderate Risk

Date: 2026-06-26

Prepared For: SOC Analyst Team

---

## Executive Summary

IP address 20.83.40.172 is an Azure infrastructure address belonging to Microsoft Corporation (ASN 8075). The IP demonstrates a moderate risk score of 40/100 with evidence of DNS blacklist associations. While geolocated to Microsoft Azure infrastructure in Des Moines, IA, the IP shows historical blacklist activity requiring monitoring. No active threat indicators or known campaign associations were detected.

---

## Ownership and Infrastructure Profile

AttributeValue
**Organization**Microsoft Corporation
**ASN**8075
**Network**Microsoft Azure Cloud Compute
**Geolocation**Des Moines, IA, US
**Provider Score**0
**Authority Score**0

The IP resolves to Microsoft Azure infrastructure with the hostname azpdcgn9z5qf.stretchoid.com. Infrastructure classification confirms cloud compute role with firewalled/no services posture.

---

## Risk Assessment

MetricValue
**Overall Risk Score**40 (Moderate)
**Abuse Confidence**Not applicable
**Known Attacker**No
**Spam Source**No
**Tor Exit Node**No
**Blacklist Count**2 of 8 lists
**Threat Persistence**0 days

The moderate risk score correlates with historical DNS blacklist activity. The IP appears on 2 out of 8 reputation lists with maximum severity ratings of "high." No persistent malicious behavior detected.

---

## Historical Observation Analysis

Observation Count: 21 signals tracked

Key Historical Signals:

The IP shows stable infrastructure patterns with no significant risk escalation trends. Ownership changes remain at zero, indicating consistent Azure infrastructure assignment.

---

## Network Relationships

Primary Associations:

Control Plane:

---

## Neighborhood Analysis

Subnet: 20.83.40.172/24

MetricValue
**Abuse Density**0
**Classification**Mostly Clean
**Inherited Risk**2
**Total Siblings**1
**Active Siblings**1
**Threat Siblings**1

The /24 subnet demonstrates low abuse density with mostly clean classification. Single threat sibling detected within the subnet range.

---

## Recommended Security Actions

Risk Score: 40

Recommendation Level: Monitor/Block Based on Policy

Firewall Rules Generated:

```bash

# iptables

iptables -A INPUT -s 20.83.40.172 -j DROP

# nftables

nft add rule inet filter input ip saddr 20.83.40.172 drop

# nginx

deny 20.83.40.172;

# pfSense

20.83.40.172/32

# Cloudflare WAF

Block 20.83.40.172 β€” IPDebrief risk score 40

filter: ip.src eq 20.83.40.172

# AWS WAF

Addresses: ["20.83.40.172/32"]

Description: IPDebrief risk 40

```

Note: These recommendations are probabilistic and should be combined with other signals before taking action.

---

## Intelligence Assessment

The IP 20.83.40.172 represents Microsoft Azure infrastructure with a moderate risk profile driven primarily by DNS blacklist associations rather than active malicious behavior. While the IP shows evidence of being listed on 2 reputation lists, the overall neighborhood remains mostly clean with low abuse density.

SOC Action: Monitor for escalation. Consider blocking if the IP originates traffic in contexts inconsistent with legitimate Azure service patterns. The moderate risk score warrants policy-based review rather than immediate blocking without additional correlation.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionIA
CityDes Moines
TimezoneAmerica/Chicago
Latitude41.60
Longitude-93.61

🏒 Ownership & Registration

OrganizationMicrosoft Corporation
ASNAS8075
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRazpdcgn9z5qf.stretchoid.com
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamesazpdcgn9z5qf.stretchoid.com

πŸ” DNS Hygiene

Hygiene Score60% (Good)
SPFNot configured
DMARCNot configured
FCrDNSVerified
DNSSECValid
CAAPresent

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
28%
24
routing
8%
11
services
12%
22
ownership
20%
23
reputation
26%
13
geolocation
35%
23
Overall22%1016
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-11 15:04:52 UTC
Last Seen2026-06-27 19:36:35 UTC
Profile Built2026-06-28 19:45:07 UTC
Data FreshnessLive
Signal Types22
Total Observations28
πŸ” 22 signal types Β· 28 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.