IP Intelligence Briefing: 20.127.185.37
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 65/100 (Moderate Risk)
- Provider: Microsoft Azure (ASN 8075)
- Ownership: Microsoft Corporation (US-based)
- Geolocation: Washington, D.C., US (20.127.185.37/24 subnet)
- Network Role: Cloud compute host (Microsoft Azure infrastructure)
- Services: Open SSH (port 22) with banner "SSH-2.0-OpenSSH_9.2p1". No TLS/HTTP services detected.
- Threat Indicators: No malicious activity, abuse confidence score null, no blacklist entries.
---
**2. Observation History**
- Recent Activity (30 days):
  - 17 total observations (13 unique signals).
  - Mixed confidence levels (0.21-0.85), with minimal risk signals.
  - No persistent malicious behavior detected.
  - DNSSEC valid, no DNSBL listings.
---
**3. Relationships & Network Context**
- Linked Entities:
  - Subnet: 20.127.185.37/24 (abuse density: 1/100, classified as "mostly_clean").
  - Parent network: 20.64.0.0/10 (Microsoft Azure infrastructure).
  - No known Tor, CDN, or VPN associations.
- Connections:
  - All relationships map to Microsoft's network (MSFT).
---
**4. Neighborhood Analysis**
- Subnet Neighbors:
  - 0 active neighbors reported (likely due to sparse /24 subnet).
  - Subnet abuse density: 1/100 (low risk).
---
**5. Recommended Actions**
- Monitoring:
  - Increase logging verbosity for SSH access from this IP.
  - Validate SSH banners against known vulnerabilities.
- Firewall:
  - Block via iptables/nftables: `iptables -A INPUT -s 20.127.185.37 -j DROP`.
  - AWS WAF rule: `"Addresses": ["20.127.185.37/32"], "Description": "IPDebrief risk 65"`.
- Context:
  - Legitimate Microsoft Azure IP; verify if access aligns with expected traffic patterns.
---
Conclusion:
This IP is part of Microsoft Azure's infrastructure and shows no current malicious activity. However, its moderate risk score and open SSH service warrant monitoring for anomalous behavior. No immediate action is required, but maintain vigilance against potential misconfigurations or unauthorized access attempts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u10 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 40% | 2 | 5 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 23% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:07 UTC |
| Last Seen | 2026-06-27 03:06:17 UTC |
| Profile Built | 2026-06-27 21:13:06 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 25 |