# IP INTELLIGENCE BRIEFING: 20.228.220.118
## Executive Summary
IP address 20.228.220.118 is a Microsoft Azure cloud compute infrastructure endpoint classified as Low Risk (Risk Score: 25). The IP belongs to Microsoft Corporation (ASN 8075) within the MSFT CIDR block 20.192.0.0/10, hosted in Virginia, United States. No malicious indicators, threat feeds, or campaign associations were detected.
## Technical Profile
Ownership & Network:
- Organization: Microsoft Corporation
- ASN: 8075 (MSFT)
- CIDR Block: 20.192.0.0/10
- RIR: ARIN
- Infrastructure Type: CloudCompute
- Classification: Microsoft Azure provider
Geolocation:
- Country: US (Virginia)
- Coordinates: 37.37°N, -79.46°W
- Timezone: America/New_York
- Geographic consensus: Valid
Network Services:
- Open Ports: None (firewalled / No Services)
- DNS PTR Resolution: None
- Forward DNS Resolution: None
- TLS Certificate: None
- HTTP Banner: None
## Threat Intelligence Assessment
Threat Indicators:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Abuse Confidence Score: N/A
- Known Campaigns: None
Control Plane Data:
- DNSSEC Valid: Yes
- Route Stable: No
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.1304 (Minimal)
## Observation History
Analysis of 17 historical observations reveals consistent benign signals:
- 2026-06-21: Minimal risk routing signals with 0.30 confidence
- 2026-06-16: Ownership confirmed as Microsoft Corporation, ARIN RIR assignment validated
- No evidence of persistent malicious activity or threat persistence
## Network Neighborhood
Subnet Analysis (20.228.220.0/24):
- Abuse Density: 0%
- Classification: Clean
- Threat Siblings: 0
- Active Siblings: 0
- Total Siblings: 1
The immediate /24 subnet shows no abuse activity, indicating this is an isolated legitimate cloud infrastructure endpoint.
## Relationship Graph
Three relationships detected, all indicating same-network associations with Microsoft (MSFT). No external relationships to different organizations or threat actors.
## Security Recommendations
Actions: No specific firewall rules or blocking recommended.
Rationale: The IP demonstrates characteristics of legitimate Microsoft Azure infrastructure with no malicious indicators, zero abuse activity in the neighborhood, and no threat intelligence associations. Standard cloud traffic filtering policies apply; no additional blocking or allowlisting actions required.
---
*Report generated for SOC threat intelligence analysis. All data sourced from IPDebrief intelligence platform.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.192.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 17% | 1 | 1 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 17% | 1 | 1 |
| Overall | 21% | 8 | 10 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-06-11 03:01:06 UTC |
| Last Seen | 2026-06-21 18:21:23 UTC |
| Profile Built | 2026-06-21 18:24:11 UTC |
| Data Freshness | Live |
| Signal Types | 16 |
| Total Observations | 17 |
Full dossier details are available via our API.