# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 43.204.82.180/32
Classification: Low Risk / Infrastructure
Date: Current Assessment
Analyst: IPDebrief SOC Team
---
## EXECUTIVE SUMMARY
Target IP 43.204.82.180 is a cloud-based web server hosted on Amazon Web Services (AWS) infrastructure in Mumbai, India (ap-south-1). The IP presents a low risk profile (Risk Score: 25) with no active threat indicators. The endpoint is associated with legitimate infrastructure services and shows consistent, stable network behavior. No immediate blocking or mitigation actions are recommended.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **ASN** | 16509 (IRT-AMAZON-AS-AP1) |
| **Organization** | AMAZON-AS-AP |
| **CIDR Block** | 43.200.0.0/13 |
| **RIR** | APNIC |
| **Network Role** | Cloud Web Server |
| **Location** | Mumbai, Maharashtra, India |
| **Coordinates** | 19.08°N, 72.88°E |
| **Geolocation Consensus** | Valid (1 source) |
---
## NETWORK SERVICES
Open Ports:
- TCP/443 (HTTPS) - Active
- TCP/22 (SSH) - Open (OpenSSH_9.6p1 Ubuntu)
TLS Certificate:
- Issuer: Let's Encrypt (US)
- Subject: skilluat.dfindia.org
- Type: Standard (non-self-signed)
HTTP Fingerprint:
- Server: nginx/1.24.0 (Ubuntu)
- Generator: Odoo
- HTTP Version: 2.0
- HSTS: Enabled (max-age=63072000; includeSubdomains)
- CSP: Not configured
---
## THREAT ASSESSMENT
Current Risk Score: 25/100 (Low)
Abuse Confidence Score: N/A
Blacklist Status: Clean (0 blacklists)
Known Campaigns: None
Threat Persistence: 0 days (not persistently malicious)
Threat Indicators:
- Not a Tor exit node
- Not a known attacker IP
- Not a spam source
- No active threat feeds
---
## NETWORK BEHAVIOR & HISTORY
Observation History: 32 recorded observations
Route Stability: Stable (0 route changes in 30 days)
BGP Origin: 43.204.0.0/15 via AS34549 → AS16509
RPKI Status: Valid
IRR Consistency: Match
Delegation Age: 9,526 days
Recent HTTP Observations:
- Status Code: 200
- TTFB: 1557ms
- Content Security Policy: Missing
- Referrer Policy: Missing
- Permissions Policy: Missing
---
## DOMAIN & DNS ANALYSIS
Reverse DNS: ec2-43-204-82-180.ap-south-1.compute.amazonaws.com
Forward Resolution: Confirmed (amazonaws.com)
PTR Hostnames: 1
DNSSEC: Valid
DNSBL Listings: 1 of 8 total lists
Email Authentication: SPF: Yes, DMARC: Yes
---
## NEIGHBORHOOD ANALYSIS
Subnet: 43.204.82.180/24
Abuse Density: 1 (Low)
Classification: Mostly Clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
Risk Distribution:
- High Risk: 0
- Medium Risk: 0
- Low Risk: 1 (target)
---
## RELATIONSHIP GRAPH
Total Relationships: 46
Primary Associations:
- AWS Network (AMAZON-AS-AP)
- DNS Hostname: ec2-43-204-82-180.ap-south-1.compute.amazonaws.com
- Multiple network and DNS association links
---
## OPERATOR ASSESSMENT
Operator Score: 0.6087 (Moderate)
Delegation Age: 9,526 days
Route Changes (30d): 0
---
## CAMPAIGN CORRELATION
Campaign Likelihood: None
CERT Matches: 0
Banner Matches: 0
Correlated IPs: 0
Certificate Subjects: None
---
## GEOGRAPHIC VALIDATION
Distance from Probe: 6,738.2 km
Minimum Possible RTT: 134.8 ms
ICMP Validation: Blocked
GeoPlausible: Yes
GeoConsensus: Validated
---
## OBSERVATION TIMELINE
Total Observations: 32
Most Recent Signal: 2026-06-19T03:28:24Z
Signal Type: Routing Assessment (Moderate Confidence: 0.85)
Previous Signal: 2026-06-18T09:00:42Z
HTTP Status: 200 (HTML Content)
---
## RECOMMENDATIONS
Current Action: Monitor / No Immediate Action Required
Risk Level: Low
Blocking Recommendation: Not Recommended
Investigation Priority: Low
Notes for SOC Team:
- Target is confirmed AWS infrastructure with valid DNSSEC and IRR consistency
- SSL certificate (skilluat.dfindia.org) indicates legitimate use case
- No malicious indicators or threat intelligence matches detected
- SSH port open per standard server configuration
- HSTS enabled on HTTPS service
- Single DNSBL listing noted; further investigation not warranted at this time
---
END OF INTELLIGENCE BRIEFING
Generated: IPDebrief Platform
Classification: Defensive Security Intelligence
Distribution: Authorized Personnel Only
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | IRT-AMAZON-AS-AP1 |
| ASN | AS16509 |
| Network Name | AMAZON-AS-AP |
| CIDR Block | 43.200.0.0/13 |
| RIR | APNIC |
| Country | US |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | ec2-43-204-82-180.ap-south-1.compute.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-43-204-82-180.ap-south-1.compute.amazonaws.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | nginx/1.24.0 |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 4 |
| routing | 27% | 3 | 4 |
| services | 35% | 2 | 3 |
| ownership | 27% | 3 | 4 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 28% | 13 | 21 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | High (85%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-07 23:04:20 UTC |
| Last Seen | 2026-06-27 05:32:16 UTC |
| Profile Built | 2026-06-27 23:39:41 UTC |
| Data Freshness | Live |
| Signal Types | 29 |
| Total Observations | 35 |