IPDebrief

20.79.41.250

IP Intelligence Dossier
Your IP: 216.73.217.135
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF INTELLIGENCE BRIEFING

Target: 20.79.41.250/32

Date: Current

Risk Assessment: MODERATE RISK (65/100)

---

## EXECUTIVE SUMMARY

IP address 20.79.41.250 is registered to Microsoft Corporation (ASN 8075) as Microsoft Azure cloud infrastructure. While the IP represents legitimate cloud compute infrastructure, the moderate-to-elevated risk score (65/100) and historical blacklist activity warrant SOC monitoring. The IP is not currently associated with active threat campaigns but exhibits characteristics requiring enhanced logging and verification.

---

## OWNERSHIP & INFRASTRUCTURE

AttributeValue
OrganizationMicrosoft Corporation
ASN8075
Network Block20.64.0.0/10
Infrastructure TypeCloudCompute (Microsoft Azure)
ClassificationCloud Hosting

The IP resides within Microsoft Azure's cloud infrastructure block, confirming legitimate provider ownership.

---

## THREAT INDICATORS

Current Threat Profile:

Open Services:

TLS Certificate:

---

## OBSERVATION HISTORY

Monitoring Period: 23 observations recorded

Key Historical Signals:

Temporal Analysis:

---

## NETWORK RELATIONSHIPS

---

## SOC ACTIONABLE RECOMMENDATIONS

Priority: HIGH

1. Enhanced Logging: Increase logging verbosity for traffic from this IP source

2. Verification Protocol: Cross-reference with internal allowlists and Microsoft Azure tenant records

3. RDP Exposure Assessment: Evaluate whether RDP (3389) exposure is expected for this service

Recommended Firewall Actions

PlatformRule
iptables`iptables -A INPUT -s 20.79.41.250 -j DROP`
nftables`nft add rule inet filter input ip saddr 20.79.41.250 drop`
nginx`deny 20.79.41.250;`
pfSense`20.79.41.250/32` (block rule)
Cloudflare WAFBlock IP (risk score 65)
AWS WAFAdd 20.79.41.250/32 to IP set with description "IPDebrief risk 65"

---

## INTELLIGENCE NARRATIVE

The IP address 20.79.41.250 represents Microsoft Azure cloud infrastructure with legitimate provider ownership. However, the elevated risk score and historical blacklist activity suggest potential abuse or compromise of cloud resources. The presence of RDP (port 3389) is notableβ€”while common in cloud environments, this exposure combined with blacklist history warrants investigation. The TLS certificate for "schemas.tailor-made-software.biz" is inconsistent with typical Microsoft Azure service patterns and should be verified against known Microsoft domain infrastructure.

Recommendation: Treat as potential compromised cloud infrastructure. Implement monitoring while maintaining the distinction between legitimate Microsoft services and potential abuse vectors. Do not block without correlating with internal threat intelligence and Microsoft abuse reports.

---

Report Generated: Current

Data Source: IPDebrief Intelligence Platform

Classification: Internal Threat Intelligence

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionHE
CityFrankfurt am Main
Timezoneβ€”
Latitude50.12
Longitude8.68

🏒 Ownership & Registration

OrganizationMicrosoft Corporation
ASNAS8075
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTR RecordNo PTR
Forward ConfirmedNo β€” PTR hostname does not resolve back to this IP (weak signal)

πŸ” DNS Hygiene

Hygiene Score40% (Fair)
SPFPresent
DMARCNot configured
FCrDNSNot verified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeWeb Server
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
80httptcpβ€”
443httpstcpβ€”
3389rdptcpβ€”
Closed Ports22, 25, 8080, 8443 (3 open / 7 scanned)
ServerMicrosoft-HTTPAPI/2.0
HTTP Titleβ€”

πŸ” TLS Certificate

An expired certificate for CN=schemas.tailor-made-software.biz was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
πŸ”’
CN=schemas.tailor-made-software.biz
Issued by CN=R13, O=Let's Encrypt, C=US
Self-signed: No
SANsschemas.tailor-made-software.biz
Valid From2025-09-17T16:50:25+00:00
Valid Until2025-12-16T16:50:24+00:00 (expired)
TLS ProtocolTls13
Cipher SuiteTLS_AES_256_GCM_SHA384
Signature Algorithmsha256RSA
Validity Period89 days
Serial Number061F0638CECED37AD0EEF0E7326F0C72AFDF
ThumbprintAAF6DC858EB13A82C4A81035CCB74CF2A5E7591E

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
26%
23
routing
8%
11
services
26%
23
ownership
20%
23
reputation
15%
12
geolocation
33%
23
Overall21%1015
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (50%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-19 21:39:56 UTC
Last Seen2026-06-28 09:58:25 UTC
Profile Built2026-06-29 04:01:53 UTC
Data FreshnessLive
Signal Types21
Total Observations24
πŸ” 21 signal types Β· 24 observations collected
This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.