# IP Intelligence Briefing: 20.63.36.40
## Executive Summary
IP address 20.63.36.40/32 is identified as Microsoft Azure cloud infrastructure with a low-risk profile (risk score: 25). The IP serves as an Application Gateway within Microsoft's 20.33.0.0/16 CIDR block and hosts services for Avaya LLC domains. No active threat indicators or malicious activity were detected.
## Technical Profile
Network Classification:
- ASN: 8075 (Microsoft Corporation)
- Organization: Microsoft Corporation / MSFT
- Infrastructure Type: CloudCompute (Microsoft Azure)
- Geolocation: Toronto, Ontario, Canada (43.65°N, 79.38°W)
- Network Role: Hosting / Web Server
Service Exposure:
- Open Ports: 443/TCP (HTTPS)
- Server Banner: Microsoft-Azure-Application-Gateway/v2
- TLS Version: 1.3 with AES-256-GCM-SHA384 cipher suite
- HTTP Status: 502 (Bad Gateway) observed in recent probes
Certificate Intelligence:
- Issuer: Sectigo Public Server Authentication CA OV R36
- Subject: CN=core.avaya-mdb53.ec.avayacloud.com, O=Avaya LLC, S=New Jersey, C=US
- Associated Domains: core.avaya-mdb53.ec.avayacloud.com, admin.analytics.avaya-mdb53.ec.avayacloud.com, bi.analytics.avaya-mdb53.ec.avayacloud.com
DNS Configuration:
- SPF: Configured (v=spf1 ip4:205.220.185.38 ip4:143.55.144.61 include:spf-00186901.pphosted.com include:_spf.mx.cloudflare.net ~all)
- DMARC: Configured (p=quarantine policy)
- TXT Records: 8 total records
## Threat Assessment
Risk Score: 25/100 (Low Risk)
Threat Indicators:
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Abusive Confidence Score: Not applicable
- Campaign Matches: 0
Control Plane:
- DNSBL Listed: 1 of 8 total lists
- Route Stability: Unstable
- RPKI State: Not validated
- MOAS Status: False
## Historical Analysis
Observation Count: 21 signals tracked
Temporal Trends:
- Consistent Microsoft Azure infrastructure classification across all observations
- TLS 1.3 cipher suites deployed consistently
- SPF and DMARC records maintained for avayacloud.com domains
- Persistent HTTP 502 status code observed (indicates service instability rather than malicious activity)
- No ownership changes or threat persistence detected
## Neighborhood Analysis
Subnet: 20.63.36.40/24
- Abuse Density: 0.0 (Clean)
- Total Siblings: 2
- Active Siblings: 0
- Threat Siblings: 1
- Classification: Mostly Clean
Neighbor IP: 20.63.36.192/32 (Risk Score: 25)
- Risk Distribution: 1 Low, 0 Medium, 0 High
## Related Intelligence
Relationships: 16 connections identified, all classified as "Same Network" (MSFT), confirming integration within Microsoft's infrastructure network.
Campaign Correlation: No active campaigns, certificate matches, or correlated IPs detected.
## Recommended Actions
Security Posture: No immediate action required. The IP represents legitimate Microsoft Azure infrastructure with no active threat indicators.
Monitoring Recommendations:
- Monitor for changes in HTTP status codes (persistent 502 may indicate service degradation)
- Continue observation of certificate validity and domain associations
- Track DNSBL listing status for potential reputation impacts
Network Rules: No firewall blocking recommended. Standard Azure egress/ingress policies apply.
## Conclusion
IP 20.63.36.40 is benign Microsoft Azure infrastructure supporting Avaya LLC services. The low risk score, zero blacklist presence, and consistent cloud infrastructure classification indicate legitimate operational use. No defensive action required beyond standard monitoring.
---
*Intel generated by IPDebrief. Data current as of 2026-06-21.*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.33.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | Microsoft-Azure-Application-Gateway/v2 |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | core.avaya-mdb53.ec.avayacloud.com, admin.analytics.avaya-mdb53.ec.avayacloud.com, bi.analytics.avaya-mdb53.ec.avayacloud.com |
| Valid From | 2026-06-12T00:00:00+00:00 |
| Valid Until | 2026-12-27T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 198 days |
| Serial Number | 0080B22882532227FCC4281A057F5BA9A5 |
| Thumbprint | 7D831A60F318C1B2FD346EB8D4B2EDCC5747B307 |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Mixed Signals (68%) - 2 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

- TLS certificate claims US but primary geo says CA
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-31 23:33:59 UTC |
| Last Seen | 2026-06-29 09:03:33 UTC |
| Profile Built | 2026-06-29 09:13:53 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |