20.11.56.147
## IP Intelligence Briefing: 20.11.56.147
Executive Summary
IP address 20.11.56.147 is classified as a Microsoft Azure cloud infrastructure endpoint with a low-risk profile (risk score: 25). The IP resides in Sydney, Australia (ASN 8075) and operates within Microsoft's network namespace (MSFT). No active threat indicators or malicious activity were detected during analysis.
Infrastructure Profile
- Organization: Microsoft Corporation (ASN 8075)
- Location: Sydney, NSW, Australia
- Network Classification: Microsoft Azure cloud infrastructure
- DNS Status: No PTR records; forward resolution not confirmed
- Service Exposure: No open ports detected; network interface firewalled
- Reputation: Low risk (score: 25/100)
Threat Assessment
- Current Threat Indicators: None
- Blacklist Status: 0 blacklistings detected
- Known Campaigns: None associated
- Tor Exit/Proxy/VPN: Negative
- Historical Activity: Minimal operator score (0.1304); historical blacklist activity recorded on 2026-06-19 (8 total lists, 1 listed with high severity), but no persistent malicious patterns identified
Neighborhood Analysis
- Subnet: 20.11.56.147/24
- Abuse Density: 0 (no high/medium risk neighbors detected)
- Risk Distribution: All sibling IPs classified as low risk
- Network Stability: Microsoft-controlled infrastructure with consistent MSFT network associations (22 relationships)
Observation History
Analysis of 21 historical observations shows stable infrastructure behavior with minimal operator scores and no escalation in threat metrics. The IP maintained consistent classification within Microsoft's Azure ecosystem throughout the observation period.
Recommended Actions
Permissive Stance Recommended. This IP represents legitimate Microsoft Azure infrastructure with no evidence of malicious activity. Standard trust policies for Microsoft cloud endpoints apply. No firewall restrictions or blocking rules are warranted.
SOC Analyst Notes: Monitor for any anomalous outbound connections or traffic patterns inconsistent with cloud infrastructure behavior. Maintain baseline logging for Microsoft Azure IPs to detect potential account compromise or lateral movement if unauthorized access is suspected elsewhere in the organization.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-13 12:12:42 UTC |
| Last Seen | 2026-06-27 23:10:31 UTC |
| Profile Built | 2026-06-28 23:15:17 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 25 |
Full dossier details are available via our API.