Threat Intelligence Briefing: IP 20.243.194.84/32
Summary:
The IP address 20.243.194.84/32 is registered to Microsoft Corporation (ASN 8075) and is part of Microsoft Azure infrastructure. It exhibits moderate risk (risk score: 50) with no direct threat indicators (e.g., no malware, phishing, or exploitation activity detected). The IP is geolocated to the United States but with ambiguous regional/city data.
Key Findings:
1. Network Context:
- Owned by Microsoft Corporation (MSFT), classified as a cloud compute node.
- Part of the 20.192.0.0/10 CIDR block, associated with Microsoft's global infrastructure.
- No active neighboring IPs in the /24 subnet (neighbors tool returned zero siblings).
2. Threat Observations:
- No malicious indicators (e.g., spam, botnets, or known attackers).
- ICMP validation failed ("ICMP blocked - unable to validate"), suggesting potential network restrictions or firewalls.
- Historical data (June 2026) shows no persistent malicious activity.
3. Behavioral Insights:
- DNSSEC validation is enabled, and no DNSBL listings were found.
- No open ports, TLS certificates, or HTTP services detected.
- Traceroute indicates transit through Comcast networks, but with timed-out hops.
Recommendations:
- Monitor for anomalies: Track changes in network behavior or new threat indicators (e.g., unexpected DNS activity, port openings).
- Verify ownership: Confirm Microsoft's use of this IP via internal records or Microsoft's public IP ranges.
- Network segmentation: Ensure this IP is appropriately segmented in your environment, given its association with a large cloud provider.
- Update WAF rules: If this IP is part of a public-facing service, update firewall/WAF rules to reflect its legitimate traffic patterns.
Conclusion:
This IP is likely a legitimate Microsoft Azure asset with no current malicious activity. However, its ambiguous geolocation and ICMP restrictions warrant further investigation to rule out misconfigurations or potential spoofing.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.192.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 32% | 1 | 4 |
| geolocation | 27% | 2 | 3 |
| Overall | 25% | 9 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-01 11:44:26 UTC |
| Last Seen | 2026-06-21 07:28:21 UTC |
| Profile Built | 2026-06-21 07:33:25 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |