191.233.236.42
# IP INTELLIGENCE BRIEFING
Target: 191.233.236.42/32
Classification: Microsoft Azure Cloud Infrastructure
Risk Assessment: LOW RISK (Score: 25/100)
Date: 2026-06-16
---
## EXECUTIVE SUMMARY
The IP address 191.233.236.42 is a Microsoft Azure cloud compute instance located in São Paulo, Brazil (ASN 8075). The address presents a low-risk profile with no active threat indicators, zero blacklist listings, and no open services. The subnet shows minimal abuse density with one threat sibling observed. No immediate security action is recommended beyond standard cloud infrastructure monitoring.
---
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 191.233.236.42 |
| **Organization** | Microsoft 272945 Brasil LTDA |
| **ASN** | AS8075 (Microsoft Corporation) |
| **Network Range** | 191.232.0.0/14 |
| **Country** | Brazil (BR) |
| **City** | São Paulo, SP |
| **Infrastructure Type** | Cloud Compute (Microsoft Azure) |
| **Reputation Score** | 25/100 (Low Risk) |
---
## THREAT ANALYSIS
Active Threat Indicators: None detected
- Blacklist Status: 0 listings across all monitored feeds
- Known Campaigns: No correlations to active threat campaigns
- Tor/Proxy/VPN: Not identified as Tor exit node, proxy, or VPN
- Spam Source: Not flagged as spam source
- Known Attacker: No association with known attacker databases
Network Behavior:
- No open ports detected (firewalled/no services)
- No DNS PTR records or forward resolution
- No TLS certificates or HTTP services exposed
- Static network routing (no recent BGP changes)
---
## GEOLOCATION VALIDATION
| Metric | Value | Status |
|---|---|---|
| Reported Location | São Paulo, SP, BR | Validated |
| Coordinates | -23.55, -46.63 | N/A |
| RTT Measurement | 126ms | โ ๏ธ ANOMALY |
| Expected Minimum RTT | 197.1ms | Violation |
*Note: RTT anomaly indicates potential geolocation discrepancy or routing anomaly. Distance calculation suggests 9,855km from probe origin.*
---
## SUBNET ANALYSIS (191.233.236.42/24)
| Metric | Value |
|---|---|
| Subnet Classification | mostly_clean |
| Abuse Density | 1/10 |
| Threat Siblings | 1 |
| Active Siblings | 0 |
| Total Siblings | 1 |
| Inherited Risk | 2/100 |
The subnet exhibits minimal abuse activity with one threat-adjacent IP identified. No correlation to coordinated malicious activity.
---
## OBSERVATION HISTORY
Total Signals: 20 observations
Analysis Period: Recent monitoring window
Recent Signal Activity:
1. BGP Routing: Stable prefix 191.232.0.0/13 (AS8075)
2. ASN Attribution: Microsoft Corporation (AS8075)
3. Geolocation: Campinas, SP, BR (AlienVault OTX source)
4. Subnet Classification: mostly_clean with abuse_density: 1
5. Network Scans: No open ports, no service banners
No significant threat pattern evolution observed over monitoring period.
---
## RELATIONSHIP ANALYSIS
External Relationships: None identified
All 12 relationship entries reference internal network identifiers (211136). No external associations to:
- Hostnames or domains
- Certificate authorities
- Related organizations
- Known threat actors
---
## RECOMMENDED ACTIONS
Priority: LOW
Action Type: MONITOR
| Action | Rationale |
|---|---|
| **Allow Traffic** | Legitimate cloud infrastructure, no threat indicators |
| **Standard Logging** | Maintain baseline logging for cloud traffic |
| **No Blocking** | Risk score below action threshold (25/100) |
| **Continue Monitoring** | Track subnet for potential abuse density changes |
Firewall Rule: No additional rules required. Standard Azure egress/ingress policies apply.
---
## INTELLIGENCE CONFIDENCE
Data Quality: HIGH
Coverage: Full profile, history, relationships, and neighborhood data collected
Freshness: Recent observations from 2026-06-16
Confidence Level: 0.70-0.95 across observation signals
---
Generated by: IPDebrief Intelligence Platform
Classification: DEFENSIVE SECURITY INTELLIGENCE
Distribution: SOC Team
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft 272945 Brasil LTDA |
| ASN | AS8075 |
| Network Name | 211136 |
| CIDR Block | 191.232.0.0/14 |
| RIR | LACNIC |
| Country | BR |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 3 |
| routing | 32% | 2 | 3 |
| services | 21% | 2 | 2 |
| ownership | 21% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 27% | 11 | 16 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-02 12:03:44 UTC |
| Last Seen | 2026-06-21 08:39:27 UTC |
| Profile Built | 2026-06-21 08:41:47 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 23 |
Full dossier details are available via our API.