IP Intelligence Briefing: 20.251.37.211
Date: June 15, 2026
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Owner: Microsoft Corporation (ASN 8075)
- Geolocation:
  - Country: United States (US)
  - City: Oslo (Norway) - *Discrepancy noted; Microsoft is headquartered in the US.*
  - Coordinates: Plausible (867.7 km from probe location).
- Network Role:
  - Provider: Microsoft Azure (CloudCompute)
  - Infrastructure: Firewalled / No Services
  - Classification: Legitimate hosting infrastructure.
---
**2. Threat Indicators**
- Malicious Activity: None detected (no indicators, spam, or campaigns).
- Blacklist Status: Not listed in DNSBLs.
- TOR/VPN/Proxy: Not identified.
- Historical Trends:
  - Minimal risk observed since June 2026.
  - ICMP validation blocked, but geolocation remains plausible.
---
**3. Network Relationships**
- Linked Entities:
  - Microsoft Azure Network (MSFT)
  - Subnet: 20.251.37.211/24 (no active neighbors identified).
- Abuse Density: Subnet classified as "mostly_clean" with no malicious siblings.
---
**4. Observational History**
- Recent Activity (June 2026):
  - Consistent low-risk profile with no threat persistence.
  - Single observation of minimal risk (operator score: 0.13).
  - No anomalies in services, DNS, or TLS.
---
**5. Recommended Actions**
- SOC Analyst Guidance:
  - Monitor: Track for unexpected service changes or subnet activity.
  - No Blocking Required: Legitimate Microsoft Azure infrastructure with no malicious signals.
  - Geolocation Verification: Investigate Oslo discrepancy if geolocation accuracy is critical.
---
Conclusion:
20.251.37.211 is a low-risk, legitimate Microsoft Azure server with no malicious indicators. While geolocation data shows an unusual city label, the IP's ownership and network role align with Microsoft's infrastructure. No immediate threat mitigation is required, but ongoing monitoring is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - | | |
| HTTP Title | - | | |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 20% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-07 23:04:08 UTC |
| Last Seen | 2026-06-27 03:43:24 UTC |
| Profile Built | 2026-06-27 21:49:08 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |