THREAT INTELLIGENCE BRIEFING
Target: 20.115.98.6/32
Classification: Microsoft Azure Infrastructure
Report Date: [Current Date]
Risk Level: LOW (Score: 25/100)
---
EXECUTIVE SUMMARY
IP address 20.115.98.6 belongs to Microsoft Corporation (ASN 8075) and is part of Microsoft Azure cloud infrastructure. The IP demonstrates a low-risk profile with no active threat indicators. The subnet (20.115.98.0/24) is classified as "mostly_clean" with minimal abuse density.
---
OWNERSHIP & GEOGRAPHY
- Organization: Microsoft Corporation
- ASN: 8075
- Geolocation: Virginia, US (37.37°N, -79.46°W)
- Network Classification: CloudCompute (Microsoft Azure)
- Registration: ARIN registry
---
THREAT POSTURE
- Risk Score: 25/100 (Low Risk)
- Blacklist Status: Clean (0 blacklist hits)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Abuse Confidence Score: Not applicable (legitimate infrastructure)
- DNSBL Listings: 8 (control plane metadata, not indicative of malicious activity)
---
NETWORK BEHAVIOR
- Open Ports: None detected
- DNS Resolution: No PTR records, no forward resolution
- Service Banner: No services identified (firewalled/no services)
- TLS Certificates: None observed
- HTTP/HTTPS: No active web services detected
---
HISTORICAL OBSERVATIONS
- Total Signals: 16 observations recorded
- Most Recent: 2026-06-20
- Threat Persistence: 0 days (not persistently malicious)
- Subnet Abuse Density: 1 (minimal)
- DNSSEC: Validated on recent observations
---
INFRASTRUCTURE RELATIONSHIPS
- Network Association: 16 relationships identified with Microsoft (MSFT)
- Related Entities: All same-network relationships point to Microsoft infrastructure
- Campaign Correlation: No matching campaigns or certificates
---
NEIGHBORHOOD ANALYSIS
- Subnet: 20.115.98.0/24
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 1
- Abuse Density: 0 (minimal)
---
RECOMMENDATIONS FOR SOC ANALYSTS
1. ALLOW - This IP represents legitimate Microsoft Azure cloud infrastructure. No blocking required.
2. MONITOR - Maintain standard monitoring for Azure IP ranges. While this IP is low-risk, cloud infrastructure can be co-opted in targeted attacks.
3. NO BLOCKING - The IP shows no malicious indicators, no blacklist presence, and clean neighborhood data. Blocking would disrupt legitimate Microsoft services.
4. CONTEXTUAL ANALYSIS - If traffic from this IP triggers alerts, investigate at the application layer rather than assuming an IP-based threat. Azure infrastructure is frequently targeted in credential stuffing and other automated attacks.
5. NEIGHBORHOOD WATCH - The subnet contains one threat sibling. Monitor adjacent IPs in the 20.115.98.0/24 range for unusual patterns, though abuse density remains minimal.
---
CONCLUSION
This IP address represents standard Microsoft Azure cloud infrastructure with no evidence of malicious activity. The low-risk score, clean threat indicators, and legitimate organizational ownership support continued allowlisting. No security actions or blocking rules are recommended for this IP address.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | ARIN |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | Not available |
| 443 | https | tcp | Not available |
| 22 | ssh | tcp | Not available |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.29.8 |
| HTTP Title | Not available |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2026-04-22T11:40:36+00:00 |
| Valid Until | 2027-04-22T11:40:36+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 365 days |
| Serial Number | 67FE0175F1C74E018CD9F74B900C5AFC2F99764E |
| Thumbprint | E2539DE1EE19D96F1A12AB3437672B7B23321E53 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 28% | 1 | 4 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 18 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-21 14:57:03 UTC |
| Last Seen | 2026-06-28 14:03:14 UTC |
| Profile Built | 2026-06-29 08:09:38 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 24 |