# IP Intelligence Briefing: 20.226.17.53/32
## Executive Summary
IP address 20.226.17.53 is classified as Low Risk with a risk score of 25. The address belongs to Microsoft Corporation (ASN 8075) and is deployed as Microsoft Azure cloud infrastructure. No malicious threat indicators were detected. The IP exhibits stable, benign behavior consistent with enterprise cloud services.

---
## Ownership & Infrastructure
| Attribute | Value |
|---|---|
| **Organization** | Microsoft Corporation (MSFT) |
| **ASN** | 8075 |
| **CIDR Block** | 20.192.0.0/10 |
| **Provider** | Microsoft Azure |
| **RIR** | ARIN |
| **Classification** | Cloud Infrastructure |

The IP operates within Microsoft's /10 address space and is identified as cloud infrastructure with no proxy, VPN, or hosting characteristics.

---
## Geolocation
- Country: United States (US)
- Reported Region/City: São Paulo, Campinas, Brazil
- GeoConsensus: Validated
- GeoPlausible: True

Note: Discrepancy between country code (US) and reported city location (Brazil) indicates multi-region cloud deployment typical of Azure's global infrastructure.

---
## Threat Assessment
| Indicator | Status |
|---|---|
| **Risk Score** | 25 (Low) |
| **Blacklist Count** | 0 |
| **Known Attacker** | No |
| **Tor Exit Node** | No |
| **Spam Source** | No |
| **Abuse Confidence** | N/A |
| **Known Campaigns** | None |
| **DNSBL Listings** | 1 of 8 lists |

No active threat indicators detected. The single DNSBL listing represents minimal impact within the context of a cloud provider network.

---
## Network Behavior
- Open Ports: None detected
- Services: None accessible (firewalled)
- TLS Certificate: None
- HTTP Title: None
- Connection Type: Cloud Compute

The IP presents no open services, consistent with Azure's security-by-default posture for cloud endpoints.

---
## Neighborhood Analysis
Subnet: 20.226.17.53/24

- Abuse Density: 0% (Low)
- Classification: mostly_clean
- Total Siblings: 3
- Active Siblings: 3

| Neighbor IP | Risk Score | Authority Score |
|---|---|---|
| 20.226.17.32 | 25 | 50 |
| 20.226.17.117 | 25 | 50 |
| 20.226.17.188 | 25 | 50 |

All neighboring IPs in the /24 subnet exhibit low-risk profiles consistent with legitimate cloud infrastructure.

---
## Historical Observations
- Total Observations: 19
- Threat Persistence: 0 days
- Ownership Changes: 0
- Recent Classification: mostly_clean
- Operator Score: 0.1304 (Minimal)

Historical data indicates stable ownership and consistent cloud provider classification with no emergence of malicious activity over the observation period.

---
## Relationship Graph
All 14 detected relationships classify as "Same Network" pointing to Microsoft (MSFT). No external associations with organizations, hostnames, or certificates were identified.

---
## Recommended Actions
No immediate remediation required. The IP address 20.226.17.53 represents legitimate Microsoft Azure infrastructure with no evidence of abuse or malicious activity.

Firewall/Security Recommendations:

- No blocking recommended
- Allow standard cloud traffic patterns
- Monitor for any behavioral changes if the IP begins exhibiting non-cloud activity

SOC Analyst Notes:

This IP should be treated as benign enterprise infrastructure. Any alerts generated against this address warrant investigation for false positives. The IP's low-risk profile and Microsoft ownership place it in a trusted category for defensive analysis.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.192.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 28% | 2 | 4 |
| Overall | 23% | 10 | 17 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-28 18:34:41 UTC |
| Last Seen | 2026-06-29 05:46:19 UTC |
| Profile Built | 2026-06-29 05:48:23 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |