20.226.106.76

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 20.226.106.76/32

## EXECUTIVE SUMMARY

IP address 20.226.106.76 is a Microsoft Azure infrastructure endpoint classified as LOW RISK with an overall risk score of 25. The asset belongs to Microsoft Corporation (ASN 8075) within the 20.192.0.0/10 block. Current threat indicators are absent, and the IP demonstrates stable cloud infrastructure characteristics.

## OWNERSHIP & INFRASTRUCTURE

Organization: Microsoft Corporation
ASN: AS8075 (MSFT)
CIDR Block: 20.192.0.0/10
Infrastructure Type: Microsoft Azure cloud
Network Role: Firewalled / No Services

## GEOLOCATION DATA

Country: Brazil (BR)
Region: São Paulo (SP)
Coordinates: -23.55, -46.63
Timezone: America/Sao_Paulo
Validation Status: GeoPlausible confirmed, though ICMP probes blocked

## THREAT ASSESSMENT

Overall Risk Score: 25 (Low Risk)
Abuse Confidence Score: Not applicable
Blacklist Count: 0
Tor Exit Node: No
Known Attacker: No
Spam Source: No
DNSBL Listed: 1 of 8 total lists (minor listing)
Campaign Likelihood: None identified

## NETWORK BEHAVIOR & SERVICES

Open Ports: None detected
TLS Certificate: None
HTTP Banner: None
Service Purpose: Firewalled / No Services
DNS Records: No PTR hostnames, no forward resolution

## NEIGHBORHOOD ANALYSIS

Subnet: 20.226.106.76/24

Abuse Density: 0 (Clean)
Total Siblings: 2
Active Siblings: 0
Threat Siblings: 0
Classification: Clean

Notable Neighbor: 20.226.106.38

Risk Score: 50 (Medium)
Authority Score: 50
Classification: Requires review for potential correlation

## OBSERVATION HISTORY

Total observations: 17

Recent Classification: Clean subnet (2026-06-16)
Threat Persistence: 0 days
Ownership Changes: 0
Threat Observation Count: 0
Notable Signals: Multiple geolocation observations including São Paulo, Brazil and conflicting US coordinates from AlienVault OTX feed

## RELATIONSHIP GRAPH

Total Relationships: 12
Relationship Type: All classified as "Same Network" to MSFT
No External Correlations: No links to third-party organizations, hostnames, or certificates

## RECOMMENDED ACTIONS

No specific security actions recommended at this time. The IP demonstrates minimal operator risk (0.1304) and stable routing characteristics. Standard Microsoft Azure infrastructure monitoring applies.

## INTELLIGENCE CONCLUSION

IP 20.226.106.76 is a benign Microsoft Azure infrastructure address with no current threat indicators. The single medium-risk neighbor (20.226.106.38) warrants separate investigation but does not affect the classification of the target IP. SOC analysts may treat this address as trusted infrastructure requiring only standard cloud network monitoring.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇧🇷 Brazil
Region	SP
City	São Paulo
Timezone	America/Sao_Paulo
Latitude	-23.55
Longitude	-46.63

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	MSFT
CIDR Block	20.192.0.0/10
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	21%	2	2
routing	13%	1	1
services	13%	1	1
ownership	27%	2	3
reputation	17%	1	2
geolocation	27%	2	3
Overall	20%	9	12

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Geo sources disagree on country: US, BR

📅 Observation Timeline 🔄 Live

First Seen	2026-05-31 17:23:59 UTC
Last Seen	2026-06-21 06:36:52 UTC
Profile Built	2026-06-21 06:38:37 UTC
Data Freshness	Live
Signal Types	18
Total Observations	19

🔍 18 signal types · 19 observations collected

This report is generated from 18+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

20.226.106.76📋 Copy