172.203.196.228
IP Intelligence Briefing: 172.203.196.228
*Generated via IPDebrief tools: Profile, History, Relationships, Neighbors*
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Provider: Microsoft Azure (CloudCompute)
- Ownership:
- ASN: 8075 (Divya Quamara, "cloud")
- Geolocation: United States (Virginia), inferred via multi-signal analysis.
- Threat Indicators:
- No malicious activity detected (no abuse confidence, spam, or known attacker flags).
- DNSBL listings (1/8 total) with "high" severity, but IP not confirmed as listed.
- Network Role:
- Firewalled / No Services (no open ports, TLS, or HTTP detected).
- Likely a virtual machine or cloud instance with restricted access.
---
**2. Observation History**
- Latest Activity:
- Geolocation: Virginia (confidence 56%), inferred via DNS and network signals.
- DNS: Valid DNSSEC, no PTR record.
- BGP: Part of Microsoft's ASN (172.200.0.0/13), stable route.
- Trends:
- No persistent threats or ownership changes detected.
- DNSBL mentions (1/8 lists) may indicate false positives or misconfigurations.
---
**3. Relationships**
- Linked Entities:
- All relationships point to the same network ("cloud"), suggesting internal Azure infrastructure.
- No external subnets, hostnames, or organizations linked.
---
**4. Neighborhood Analysis**
- Subnet: 172.203.196.228/24
- Neighbors:
- No active IPs in the subnet (0 siblings).
- Subnet abuse density: 0% (no malicious activity observed).
---
**5. Actionable Insights**
- SOC Recommendations:
- Verify DNSBL false positives via direct checks (e.g., Spamhaus, Barracuda).
- Confirm Azure VM security groups and network access controls.
- Monitor for unexpected geolocation changes or DNS configuration drift.
- Firewall Rules:
- Allow traffic only from trusted sources, given the cloud-hosted nature.
- Consider blocking DNSBL-listed networks (if confirmed) to mitigate false positives.
---
Conclusion: This IP is a low-risk Azure cloud instance with no active threats. Focus on validating DNSBL mentions and ensuring cloud infrastructure compliance. No immediate mitigation required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Divya Quamara |
| ASN | AS8075 |
| Network Name | cloud |
| CIDR Block | 172.203.0.0/16 |
| RIR | ARIN |
| Country | US |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 32% | 2 | 3 |
| services | 19% | 2 | 2 |
| ownership | 30% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 27% | 11 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-06-02 12:03:29 UTC |
| Last Seen | 2026-06-21 08:36:02 UTC |
| Profile Built | 2026-06-21 08:37:14 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.