20.214.230.200
## IP Intelligence Briefing: 20.214.230.200/32
Executive Summary
IP address 20.214.230.200 is a Microsoft Azure cloud infrastructure endpoint located in Seoul, South Korea. The address maintains a low-risk profile with a risk score of 25 and demonstrates stable, benign operational characteristics consistent with legitimate cloud service infrastructure.
Ownership and Classification
The IP address is owned by Microsoft Corporation (ASN 8075) within the Microsoft Azure cloud ecosystem. Network classification identifies this as cloud compute infrastructure with service purpose designated as "Single-Service Host." The IP operates within Microsoft's BGP prefix 20.192.0.0/10. Route stability assessments indicate the network prefix remains stable with zero route changes over the past 30 days.
Geolocation and Network Positioning
Geolocation data places the endpoint in Seoul, South Korea (country code: KR, region: 11) with coordinates 37.57°N, 126.98°E. The geolocation consensus score indicates high confidence (geoPlausible: true) with a 150km accuracy radius. Control plane analysis shows DNSSEC validation is active.
Threat Assessment
Threat indicators are absent. The IP address maintains a blacklist count of zero and shows no association with known malicious campaigns. No known attacker indicators were detected. The address is not classified as a Tor exit node, proxy, VPN endpoint, or known spam source. Abuse confidence scoring returned null values, indicating no abuse correlation signals.
Network Services and DNS Configuration
Active port scanning identified SSH (port 22/tcp) as the only open service with banner "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16." No HTTP titles, TLS certificates, or email authentication records (SPF/DMARC) were detected. Forward DNS resolution is unconfirmed. The IP has zero hosted domains associated with it.
Historical Observation Analysis
Signal observation history captured 22 observations across the monitoring period. Operator scores consistently registered at 0.15 (labeled "Minimal"), with overall confidence values around 0.2411. Data sufficiency remained at 1 across all observation windows. No significant escalation in threat signals or operational changes was detected over time. The threat persistence metric shows zero days of persistent malicious activity.
Neighborhood and Subnet Context
Subnet analysis for 20.214.230.200/24 indicates an abuse density of 0 with classification "mostly_clean." No sibling IPs were detected in the neighborhood scan. The subnet contains zero high-risk, medium-risk, or low-risk neighbors. This indicates the IP operates in isolation within its immediate network segment.
Relationship Mapping
Relationship graph analysis returned 22 relationships, all classified as "Same Network" with target identifier "MSFT." This confirms the IP operates within Microsoft's Microsoft Azure network infrastructure and maintains consistent network affiliation.
Recommended Security Actions
No specific firewall rules or security recommendations were generated due to the low-risk profile. The IP address does not require blocking or mitigation measures based on current threat intelligence. Standard cloud security monitoring practices are appropriate.
Intelligence Conclusion
IP 20.214.230.200 represents legitimate Microsoft Azure cloud infrastructure with no threat indicators. The endpoint demonstrates stable operational patterns, clean threat posture, and consistent network affiliation with Microsoft's global infrastructure. SOC analysts may treat this address as benign and focus on monitoring for any future changes in operational behavior or threat association.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 20% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:08 UTC |
| Last Seen | 2026-06-27 03:23:55 UTC |
| Profile Built | 2026-06-28 03:31:03 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 25 |
Full dossier details are available via our API.