20.91.204.211
# IP INTELLIGENCE BRIEFING: 20.91.204.211/32
## EXECUTIVE SUMMARY
IP address 20.91.204.211 is classified as Low Risk with a risk score of 25. The address is Microsoft Azure cloud infrastructure located in Stockholm, Sweden. No active threat indicators were detected. This IP represents legitimate Microsoft cloud infrastructure with minimal abuse potential.
---
## NETWORK CLASSIFICATION & OWNERSHIP
- Organization: Microsoft Corporation
- ASN: 8075 (Microsoft Corp.)
- Network Role: CloudCompute (Microsoft Azure)
- Infrastructure Type: Cloud
- Provider Score: 0
- Authority Score: 0
- Geolocation: Stockholm, Sweden (SE)
- Timezone: Europe/Stockholm
---
## THREAT ASSESSMENT
- Overall Risk Score: 25 (Low Risk)
- Abuse Confidence Score: Not applicable
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 total lists
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Proxy Service: No
- Persistent Malicious Activity: No
Threat Indicators: None detected across all monitored threat feeds and reputation sources.
---
## NEIGHBORHOOD ANALYSIS (20.91.204.0/24)
- Abuse Density: 0 (mostly clean)
- Inherited Risk Score: 7 (minimal)
- Total Subnet Siblings: 3
- Active Siblings: 0
- Threat Siblings: 3
- Classification: mostly_clean
Notable Neighbors:
- 20.91.204.74: Risk Score 25 (Low)
- 20.91.204.205: Risk Score 25 (Low)
The /24 subnet demonstrates minimal abuse characteristics consistent with legitimate Microsoft Azure infrastructure.
---
## NETWORK RELATIONSHIPS
All 23 relationship entries indicate Microsoft network associations ("MSFT"), confirming the IP's classification within Microsoft's cloud infrastructure. No external malicious relationships detected.
---
## OBSERVATION HISTORY
- Total Observations: 22
- Most Recent Signal: 2026-06-23 (Operator Score: 0.2174, Label: "Minimal")
- BGP Prefix: 20.64.0.0/10 (Stable, no changes in 30 days)
- AS Path: 34549 β 8075
- Threat Observation Count: 1
- Persistence Assessment: Not persistently malicious
Historical data indicates stable network behavior with no escalation in risk profile over the observation period.
---
## SERVICES & DNS ANALYSIS
- Open Ports: None
- DNS Records: Forward resolution confirmed: No
- Hosted Domains: 0
- Email Authentication: SPF: No, DMARC: No
- Service Purpose: Firewalled / No Services
- HTTP/TLS Services: No active services detected
---
## CONTROL PLANE DATA
- Origin ASN: 8075
- BGP Prefix: 20.64.0.0/10
- RPKI State: Not available
- IRR Consistency: Not available
- Route Stability: Stable (0 route changes in 30 days)
- Is Route Stable: Yes
- DNSSEC Valid: Yes
- Operator Score: 0.2174 (Minimal)
---
## SECURITY RECOMMENDATIONS
No specific firewall rules or blocking actions recommended. The IP address presents a low-risk profile consistent with legitimate Microsoft Azure infrastructure. Standard cloud security policies apply. No immediate defensive measures required beyond normal traffic monitoring.
Recommended Actions:
- No blocking required
- No rate limiting recommended
- Continue standard monitoring
- No special handling needed
---
## CONCLUSION
20.91.204.211 is Microsoft Azure cloud infrastructure with low risk characteristics. The IP shows no evidence of malicious activity, with clean threat indicators and stable network behavior. This address represents legitimate cloud computing infrastructure and should be treated as low-risk in security operations.
---
*Report Generated: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | β |
| CIDR Block | 20.64.0.0/10 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 30% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 25% | 11 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:08 UTC |
| Last Seen | 2026-06-27 03:56:53 UTC |
| Profile Built | 2026-06-27 22:04:10 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.