43.204.82.180📋 Copy

# IPDEBRIEF INTELLIGENCE BRIEFING

Target: 43.204.82.180/32

Classification: Low Risk / Infrastructure

Date: Current Assessment

Analyst: IPDebrief SOC Team

---

## EXECUTIVE SUMMARY

Target IP 43.204.82.180 is a cloud-based web server hosted on Amazon Web Services (AWS) infrastructure in Mumbai, India (ap-south-1). The IP presents a low risk profile (Risk Score: 25) with no active threat indicators. The endpoint is associated with legitimate infrastructure services and shows consistent, stable network behavior. No immediate blocking or mitigation actions recommended.

---

## INFRASTRUCTURE PROFILE

---

## NETWORK SERVICES

Open Ports:

• TCP/443 (HTTPS) - Active
• TCP/22 (SSH) - Open (OpenSSH_9.6p1 Ubuntu)

TLS Certificate:

• Issuer: Let's Encrypt (US)
• Subject: skilluat.dfindia.org
• Type: Standard (non-self-signed)

HTTP Fingerprint:

• Server: nginx/1.24.0 (Ubuntu)
• Generator: Odoo
• HTTP Version: 2.0
• HSTS: Enabled (max-age=63072000; includeSubdomains)
• CSP: Not configured

---

## THREAT ASSESSMENT

Current Risk Score: 25/100 (Low)

Abuse Confidence Score: N/A

Blacklist Status: Clean (0 blacklists)

Known Campaigns: None

Threat Persistence: 0 days (not persistently malicious)

Threat Indicators:

• Not a Tor exit node
• Not a known attacker IP
• Not a spam source
• No active threat feeds

---

## NETWORK BEHAVIOR & HISTORY

Observation History: 32 recorded observations

Route Stability: Stable (0 route changes in 30 days)

BGP Origin: 43.204.0.0/15 via AS34549 → AS16509

RPKI Status: Valid

IRR Consistency: Match

Delegation Age: 9,526 days

Recent HTTP Observations:

• Status Code: 200
• TTFB: 1557ms
• Content Security Policy: Missing
• Referrer Policy: Missing
• Permissions Policy: Missing

---

## DOMAIN & DNS ANALYSIS

Reverse DNS: ec2-43-204-82-180.ap-south-1.compute.amazonaws.com

Forward Resolution: Confirmed (amazonaws.com)

PTR Hostnames: 1

DNSSEC: Valid

DNSBL Listings: 1 of 8 total lists

Email Authentication: SPF: Yes, DMARC: Yes

---

## NEIGHBORHOOD ANALYSIS

Subnet: 43.204.82.180/24

Abuse Density: 1 (Low)

Classification: Mostly Clean

Total Siblings: 1

Active Siblings: 1

Threat Siblings: 1

Risk Distribution:

• High Risk: 0
• Medium Risk: 0
• Low Risk: 1 (target)

---

## RELATIONSHIP GRAPH

Total Relationships: 46

Primary Associations:

• AWS Network (AMAZON-AS-AP)
• DNS Hostname: ec2-43-204-82-180.ap-south-1.compute.amazonaws.com
• Multiple network and DNS association links

---

## OPERATOR ASSESSMENT

Operator Score: 0.6087 (Moderate

Operator Score: 0.6087 (Moderate)

Delegation Age: 9,526 days

Route Changes (30d): 0

---

## CAMPAIGN CORRELATION

Campaign Likelihood: None

CERT Matches: 0

Banner Matches: 0

Correlated IPs: 0

Certificate Subjects: None

---

## GEOGRAPHIC VALIDATION

Distance from Probe: 6,738.2 km

Minimum Possible RTT: 134.8 ms

ICMP Validation: Blocked

GeoPlausible: Yes

GeoConsensus: Validated

---

## OBSERVATION TIMELINE

Total Observations: 32

Most Recent Signal: 2026-06-19T03:28:24Z

Signal Type: Routing Assessment (Moderate Confidence: 0.85)

Previous Signal: 2026-06-18T09:00:42Z

HTTP Status: 200 (HTML Content)

---

## RECOMMENDATIONS

Current Action: Monitor / No Immediate Action Required

Risk Level: Low

Blocking Recommendation: Not Recommended

Investigation Priority: Low

Notes for SOC Team:

• Target is confirmed AWS infrastructure with valid DNSSEC and IRR consistency
• SSL certificate (skilluat.dfindia.org) indicates legitimate use case
• No malicious indicators or threat intelligence matches detected
• SSH port open per standard server configuration
• HSTS enabled on HTTPS service
• Single DNSBL listing noted; further investigation not warranted at this time

---

END OF INTELLIGENCE BRIEFING

Generated: IPDebrief Platform

Classification: Defensive Security Intelligence

Distribution: Authorized Personnel Only

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.