IPDebrief

20.195.192.35

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON ๐Ÿ”ง Full Actions API
๐Ÿค– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING

Target IP: 20.195.192.35/32

Date: 2026-06-20

Analyst: IPDebrief Intelligence Team

Classification: LOW RISK / INFRASTRUCTURE

---

## EXECUTIVE SUMMARY

IP address 20.195.192.35 is a Microsoft Azure cloud infrastructure endpoint with a low overall risk profile. The IP demonstrates no active threat indicators, no malicious behavior, and is associated with legitimate enterprise cloud services. No immediate defensive action is required based on current intelligence.

---

## OWNERSHIP & GEOLCOATION

AttributeValue
OrganizationMicrosoft Corporation
ASN8075
CountryBrazil (BR)
Region/CitySão Paulo, SP
Network TypeMicrosoft Azure Cloud Compute
CIDR Block20.192.0.0/10
BGP Origin20.192.0.0/10

The IP is registered to Microsoft Corporation and operates within Microsoft's global Azure infrastructure. Geolocation data places the endpoint in São Paulo, Brazil, which is consistent with Microsoft's regional cloud data center footprint in Latin America.

---

## RISK ASSESSMENT

MetricScoreStatus
Overall Risk Score25Low
Provider Score0Clean
Authority Score0Clean
Stability Score0N/A
Abuse ConfidenceN/AN/A

Risk Interpretation: The low risk score (25/100) indicates minimal threat likelihood. This is consistent with the IP's classification as legitimate cloud infrastructure rather than a threat actor endpoint.

---

## THREAT INTELLIGENCE

Current Threat Status: NONE

IndicatorStatus
Tor Exit NodeNo
Known AttackerNo
Spam SourceNo
Blacklist Count0
Known CampaignsNone
Threat FeedsNone
Pulsedive RiskN/A
DNSBL Listings1/8 (Minimal)

The IP has no active threat indicators. One DNSBL listing was observed across 8 checked lists, but this appears to be routine rather than malicious, given the IP's infrastructure classification.

---

## NETWORK CLASSIFICATION

ClassificationValue
Is CloudYes
Is CDNNo
Is VPNNo
Is ProxyNo
Is HostingYes
Is MobileNo
Is ResidentialNo
Open PortsNone detected
ServicesFirewalled / No Services

The endpoint is classified as Microsoft Azure cloud infrastructure with no exposed services. This indicates the IP serves as a backend or management endpoint rather than a public-facing service.

---

## NEIGHBORHOOD ANALYSIS

Subnet: 20.195.192.35/24

Abuse Density: 0 (Clean)

Total Siblings: 1

Active Siblings: 1

Threat Siblings: 0

The /24 subnet containing this IP demonstrates a clean reputation with no neighboring IPs flagged for abuse. This reinforces the conclusion that the IP operates within legitimate Microsoft Azure infrastructure.

---

## OBSERVATION HISTORY

Total Observations: 18

Threat Persistence Days: 0

Is Persistently Malicious: No

Recent observations (June 2026) show:

The temporal analysis indicates this is an established infrastructure endpoint with consistent operational patterns and no escalation in risk posture.

---

## RELATIONSHIP GRAPH

Total Relationships: 17

Relationship Type: Same Network (MSFT)

All 17 relationships point to Microsoft (MSFT) network identifiers, confirming the IP operates within Microsoft's trusted infrastructure ecosystem. No external or suspicious connections were identified.

---

## DNS & EMAIL REPUTATION

AttributeStatus
PTR HostnamesNone
Forward ResolutionNo
Hosted Domains0
SPF RecordNo
DMARC RecordNo
TXT Records0

No DNS reverse or forward resolution was observed for this IP. The absence of email authentication records (SPF/DMARC) is consistent with non-email cloud infrastructure.

---

## RECOMMENDED ACTIONS

Current Risk Level: LOW

Action Required: NONE

Based on the comprehensive threat intelligence assessment, no specific firewall rules or blocking actions are recommended. The IP demonstrates legitimate Microsoft Azure cloud infrastructure characteristics with no evidence of malicious activity.

Monitoring Recommendations:

---

## CONCLUSION

IP 20.195.192.35 is a low-risk Microsoft Azure infrastructure endpoint. Intelligence analysis confirms legitimate cloud service operation with no threat indicators. SOC teams may treat traffic from this IP as benign unless accompanied by other anomalous behavioral signals.

Confidence Level: High

Intelligence Sources: IPDebrief Profile, History, Relationships, Neighborhood Analysis, Actions

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

๐ŸŒ Geolocation

Country๐Ÿ‡ง๐Ÿ‡ท Brazil
RegionSP
CitySão Paulo
TimezoneAmerica/Sao_Paulo
Latitude-23.55
Longitude-46.63

๐Ÿข Ownership & Registration

OrganizationMicrosoft Corporation
ASNAS8075
Network Nameโ€”
CIDR Blockโ€”
RIRARIN
Countryโ€”
Abuse ContactAvailable via RDAP

๐ŸŒ DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo โ€” PTR hostname does not resolve back to this IP (weak signal)

๐Ÿ” DNS Hygiene

Hygiene Score20% (Poor)
SPFNot configured
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

โ˜๏ธ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting โ€” Infrastructure provider without advanced routing
CloudHosting

๐Ÿ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverโ€”
HTTP Titleโ€”

๐Ÿ” TLS Certificate

๐Ÿ”’
No certificate
Issued by โ€”
N/A
SANsNone
Valid Fromโ€”
Valid Untilโ€”

๐ŸŽฏ Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
27%
24
routing
8%
11
services
15%
22
ownership
24%
23
reputation
26%
13
geolocation
34%
23
Overall22%1016
Coverage: 6/6 dimensions ยท Data sufficiency: sufficient
Data CoherenceMostly Consistent (80%) โ€” 1 contradiction(s)
AttributionLow (35%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid
โš  Claimed geolocation contradicts RTT physics measurement

๐Ÿ“… Observation Timeline ๐Ÿ”„ Live

First Seen2026-05-24 12:34:39 UTC
Last Seen2026-06-29 00:06:36 UTC
Profile Built2026-06-29 06:09:07 UTC
Data FreshnessLive
Signal Types19
Total Observations21
๐Ÿ” 19 signal types ยท 21 observations collected
This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API ๐Ÿ”ง Actions API ๐Ÿ“ง Enterprise Access

โ„น๏ธ About This Report

All data shown is publicly available network metadata โ€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.