## IP Intelligence Briefing: 20.199.127.173/32
Classification: Microsoft Azure Cloud Compute Infrastructure
Risk Assessment: Low Risk (Score: 25)
Ownership and Network Context
The IP address 20.199.127.173 belongs to Microsoft Corporation (AS8075) and is classified as Microsoft Azure infrastructure. The IP resides within Microsoft's enterprise cloud compute environment (BGP Prefix: 20.192.0.0/10) and is registered under ARIN. Control plane data indicates route instability (isRouteStable: false) with one DNSBL listing across 8 total lists, though operator scoring remains minimal (0.1304).
Technical Profile
The infrastructure operates as a Single-Service Host with RDP (port 3389/tcp) exposed. No active web services or TLS certificates were detected. DNS reverse resolution failed to confirm ownership, and forward resolution returned no hostnames. The IP is not a known attacker, Tor exit node, or proxy service.
Threat Indicators
No active threat indicators were identified. The IP is not associated with known campaigns, and no spam source or Tor exit node indicators exist. However, 18 historical observations recorded between June 14-18, 2026, captured port scanning activity and inconsistent geolocation reports (Paris, France and US coordinates reported). Two pulse detections occurred during recent observations.
Geographic Consensus
Geolocation data is inconsistent: some sources reported Paris, France (IDF region), while others reported US coordinates. The geo consensus flag is false, and distance validation could not be completed because ICMP is blocked. The IP is marked as geo-plausible.
Neighborhood Analysis
The /24 subnet (20.199.127.0/24) is classified as "mostly_clean" with an abuse density of 1. No sibling IPs were identified in the neighborhood scan. The IP demonstrates no persistent malicious behavior (threatPersistenceDays: 0).
Historical Behavior
Observation history spans 18 signals over a four-day period. Port scanning activity was detected on June 14, 2026. Geolocation signals varied between French and US reporting. No persistent threat patterns emerged; the IP is not flagged as persistently malicious.
SOC Action Recommendations
- Monitor: RDP (3389) exposure on Microsoft Azure infrastructure. Verify legitimate business need for remote access.
- Context: This is legitimate Microsoft Azure infrastructure. False positives are possible due to cloud provider scanning activity.
- Investigate: Review port 3389 access logs for unauthorized connection attempts.
- Correlate: Microsoft Azure IPs frequently exhibit scanning behavior as part of infrastructure reconnaissance.
- Block: Not recommended unless specific attack activity is confirmed. Risk score (25) indicates low threat level.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 3389 | rdp | tcp | - |
| Closed Ports | 22, 25, 80, 443, 8080, 8443 (1 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:07 UTC |
| Last Seen | 2026-06-27 03:15:01 UTC |
| Profile Built | 2026-06-27 21:21:08 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |