IP Address: 20.4.48.48 ⚠ IP Confounder

⚠ IP Confounder Detected: Trend Micro Cloud App Security (TMCAS) - Part of Trend Vision One(tm), Cloud Email and Collaboration Protection. An API-based security solution (for email and more), that protects MS Office 365, Google Workspace, Box and Dropbox. Phishing, ransomware, and BEC/DLP.
Seems to break DKIM and SPF, thus DMARC.

ℹ️ Network Annotation: Microsoft Network (365 vs Azure)

Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.

Last updated: 1/29/2026

This page shows DMARC authentication failure data for this IP address. Learn more about this data.

Geolocation Information

Country:: NL The Netherlands
Region:: North Holland
City:: Amsterdam
Coordinates:: 52.3759, 4.8975

WHOIS Information

Network Name:: MSFT
CIDR:: 20.0.0.0/11
Owner:: Microsoft Corporation
Org ID:: MSFT
Address:: One Microsoft Way, Redmond, WA 98052
Reverse DNS:: inpost-eu.tmcas.trendmicro.com
Last updated: 2/5/2026

Analysis

This IP was first observed on September 20, 2025 and most recently on January 17, 2026. It has been associated with 8 failed authentication events affecting 8 messages, representing moderate activity. The IP belongs to MSFT (Microsoft Corporation), a network with activity associated with The Netherlands. 7 other IPs in the same /24 subnet (20.4.48.*) also appear in this dataset.

Network Topology

Failures Detected from this IP

Showing 1-8 of 8 failures, affecting 8 messages

Date ▼	Messages
1/17/2026	1
12/13/2025	1
10/25/2025	1
10/23/2025	1
10/11/2025	1
10/4/2025	1
10/2/2025	1
9/20/2025	1

External Reputation Lookups

Look up this IP in external threat intelligence and reputation databases (opens in new tab):

AbuseIPDB Cisco Talos Project Honey Pot GreyNoise VirusTotal Shodan Censys Spamhaus

Nearby IPs

Other IPs in the 20.4.48.0/24 range observed failing DMARC:

20.4.48.49 (7 failures), 20.4.48.50 (6 failures), 20.4.48.52 (6 failures), 20.4.48.51 (5 failures), 20.4.48.53 (5 failures), 20.4.48.55 (5 failures), 20.4.48.54 (4 failures)