20.42.65.90

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 20.42.65.90/32

Classification: Low Risk – Microsoft Azure Infrastructure

Report Date: 2026-06-15

Risk Score: 25/100

---

## Executive Summary

IP 20.42.65.90 is identified as Microsoft Corporation (ASN 8075) infrastructure operating within the Microsoft Azure cloud platform. The IP exhibits low risk characteristics with no active threat indicators, minimal blacklist presence, and stable routing. The address belongs to a predominantly clean subnet (20.42.65.0/24) with an abuse density of 0.0 and classification of "mostly_clean."

---

## Technical Profile

Ownership & Registration:

Organization: Microsoft Corporation
ASN: 8075
RIR: ARIN
Network Role: Cloud Compute (Microsoft Azure)
Infrastructure Type: Cloud (confirmed)

Geolocation:

Country: United States (US)
Region: Washington (WA)
City: Redmond
Coordinates: 47.67°N, -122.12°W
Timezone: America/Los_Angeles

Network Context:

BGP Prefix: 20.40.0.0/13
Route Stability: Stable (no route changes in 30 days)
IRR Consistency: Match
RPKI State: Unknown
DNSSEC: Valid
Control Plane Score: 0.4783 (Basic)

---

## Service & DNS Analysis

Open Services:

Port 443/TCP: HTTPS
Server Banner: Microsoft-HTTPAPI/2.0
HTTP Version: 2.0

TLS Certificate:

Issuer: CN=Microsoft TLS G2 RSA CA OCSP 02, O=Microsoft Corporation, C=US
Subject: CN=*.events.data.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US
Certificate Subjects: *.events.data.microsoft.com, events.data.microsoft.com, *.pipe.aria.microsoft.com, pipe.skype.com, *.pipe.skype.com, and 5 additional Microsoft domains
Self-Signed: No

DNS Configuration:

Forward Resolution: Unconfirmed
Hosted Domains: 0
Email Authentication: SPF record present, DMARC record configured

HTTP Headers:

HSTS: Enabled (max-age=31536000)
Content Security Policy: Not present
Server: Microsoft-HTTPAPI/2.0

---

## Threat Intelligence

Threat Indicators:

Blacklist Count: 0
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Known Campaigns: None
Pulsedive Risk: Not assessed

Control Plane:

DNSBL Listed: 1 of 8 total lists
Operator Score: 0.4783 (Basic)

---

## Neighborhood Analysis (20.42.65.0/24)

Abuse Density: 0.0
Classification: mostly_clean
Total Siblings: 1
Active Siblings: 1
Threat Siblings: 1
High Risk Neighbors: 0
Medium Risk Neighbors: 0

---

## Historical Observations

Observation history from June 2026 indicates consistent Microsoft Azure infrastructure behavior:

Server Fingerprint: Microsoft-HTTPAPI/2.0 confirmed across multiple observations
HTTP Status: 404 observed (typical for Azure endpoint probing)
Protocol: HTTP/2.0 with HSTS enforcement
Routing Signals: Basic operator classification (0.4783)
Domain Resolution: msn.cn observed with SPF record present
Geolocation Signals: Multiple sources confirming US location with threat reputation signals

---

## Relationship Graph

The relationship analysis reveals 32 relationships, all classified as "Same Network" pointing to MSFT network entities. This confirms the IP's association with Microsoft's Azure infrastructure network.

---

## Recommended Actions

Risk-Based Recommendations:

No specific firewall or blocking actions required at this time
Risk score of 25 indicates low-risk legitimate infrastructure
Standard cloud provider traffic patterns observed

Monitoring Considerations:

Continue monitoring for unusual outbound connections from this IP
Verify any 404 responses are expected for Azure service endpoints
Monitor TLS certificate expiration for *.events.data.microsoft.com domains

---

## SOC Analyst Notes

This IP address represents legitimate Microsoft Azure infrastructure hosting events and data services. The low risk score, clean blacklist status, and confirmed Microsoft ownership indicate this is not a threat source. Standard cloud traffic patterns are observed with proper security headers (HSTS, SPF, DMARC) in place.

Action Status: Monitor – No immediate mitigation required.

---

*Intelligence generated by IPDebrief® – Professional Threat Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	WA
City	Redmond
Timezone	America/Los_Angeles
Latitude	47.67
Longitude	-122.12

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	—
CIDR Block	20.40.0.0/13
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	4/4 domains
DMARC	3/4 domains
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	4 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
Closed Ports	22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned)

Server	Microsoft-HTTPAPI/2.0
HTTP Title	—

🔐 TLS Certificate

🔒

CN=*.events.data.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US

Issued by CN=Microsoft TLS G2 RSA CA OCSP 02, O=Microsoft Corporation, C=US

Self-signed: No

SANs	.events.data.microsoft.comevents.data.microsoft.com.pipe.aria.microsoft.compipe.skype.com.pipe.skype.com.mobile.events.data.microsoft.commobile.events.data.microsoft.com.events.data.msn.comevents.data.msn.com.events.data.msn.cn
Valid From	2026-04-24T21:14:49+00:00
Valid Until	2026-10-21T21:14:49+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384RSA
Validity Period	180 days
Serial Number	41001885444C2440C1130B07D8000000188544
Thumbprint	181D2E1B2BC95E48E399D89C8B3D84DFBFE3D6DE

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	22%	2	4
routing	24%	4	5
services	30%	2	3
ownership	20%	2	3
reputation	24%	1	3
geolocation	33%	2	3
Overall	25%	13	21

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (65%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-17 15:50:50 UTC
Last Seen	2026-06-28 05:39:43 UTC
Profile Built	2026-06-28 23:44:11 UTC
Data Freshness	Live
Signal Types	31
Total Observations	38

🔍 31 signal types · 38 observations collected

This report is generated from 31+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

20.42.65.90📋 Copy