This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello Microsoft,
I am receiving traffic from internal to external IP (40.127.240.158) on my endpoint. Can you help me validate the IP 40.127.240.158? Based on my search, that IP is used by Microsoft.
However, upon further investigation, the IP is also listed as an IOC for the BianLian Ransomware, https://socradar.io/threat-actor-profile-bianlian-the-shape-shifting-ransomware-group/ Is that IP still being used by Microsoft?
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello,
Yes, the IP address 40.127.240.158 is a valid Microsoft IP address. It is part of the Microsoft Azure cloud platform and is used for various services such as Azure Active Directory, Azure Virtual Machines, and Azure Storage.
Best Regards
Zunhui