20.226.46.111
IP Intelligence Briefing: 20.226.46.111
Date: 2026-06-16
---
**1. Core Profile**
- Risk Score: 65 (Moderate Risk)
- Provider: Microsoft Azure (CloudCompute)
- Geolocation: Boston, MA, US (IPDebrief geolocation)
- Network Role: Firewalled / No Services (no open ports, no TLS/HTTP indicators)
- Ownership: Unregistered ASN/Org (potential misconfigured or ephemeral resource)
---
**2. Threat Observations**
- DNSBL Listings:
- Listed in 3/8 DNSBLs (low severity, no category details).
- No direct malware, phishing, or exploit indicators.
- Network Scans:
- Detected passive scans (ports 80, 443, 22, 25, 8080, 8443, 53, 21, 23, 139, 445).
- No active exploitation or C2 activity observed.
- BGP Context:
- Origin ASN: 8075 (Microsoft Corp)
- Route stability: Unstable (route changes in last 30 days).
---
**3. Historical Trends**
- Recent Activity (2026-06-16):
- DNS resolution attempts (no PTR records).
- Passive network scanning (no open services confirmed).
- DNSSEC validation: Enabled.
- Long-Term Risk:
- No persistent malicious behavior (threat persistence days: 0).
- No ownership changes or campaign correlations.
---
**4. Relationships**
- No Linked Entities:
- No hostnames, domains, or certificates associated with the IP.
- No organizational or subnet relationships (empty relationships graph).
---
**5. Subnet Neighbors**
- Subnet: 20.226.46.0/24
- Neighbor Risk:
- 1 sibling IP (20.226.46.165) with low risk (score: 0, authority: 50).
- Subnet abuse density: 0% (no high/medium risk IPs).
---
**6. Recommendations**
- Monitor DNSBL Status: Investigate why the IP is listed in 3 DNSBLs (e.g., spam, abuse).
- Check Azure Configuration: Verify if the Azure instance is misconfigured or compromised.
- Network Segmentation: Apply micro-segmentation rules to isolate cloud workloads.
- Log Analysis: Correlate with internal logs for unexpected outbound connections.
Conclusion: The IP is a low-risk Azure cloud instance with no active threats but warrants monitoring due to DNSBL listings. No immediate action required, but continuous observation is advised.
---
*Generated using IPDebrief intelligence tools. All data reflects observations as of 2026-06-16.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.192.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 24% | 2 | 2 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 17% | 1 | 1 |
| Overall | 24% | 9 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-11 15:08:27 UTC |
| Last Seen | 2026-06-21 18:54:42 UTC |
| Profile Built | 2026-06-21 19:03:17 UTC |
| Data Freshness | Live |
| Signal Types | 17 |
| Total Observations | 19 |
Full dossier details are available via our API.