20.9.22.213
# IP Intelligence Briefing: 20.9.22.213/32
Classification: Low Risk - Legitimate Cloud Infrastructure
Risk Score: 25/100
Date: Current
---
## Executive Summary
IP 20.9.22.213 is a Microsoft Azure cloud compute resource operating within the corporate /11 block (20.0.0.0/11). The asset presents a low-risk profile with no active threat indicators, blacklisting, or malicious activity. Infrastructure analysis confirms legitimate cloud hosting with standard web server configuration.
---
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Netname | MSFT |
| CIDR Block | 20.0.0.0/11 |
| RIR | ARIN |
| Network Role | Microsoft Azure - CloudCompute |
| Infrastructure Type | Cloud Hosting |
The IP is classified as cloud infrastructure with hosting capabilities enabled. No CDN, VPN, proxy, or residential indicators detected.
---
## Geolocation
| Attribute | Value |
|---|---|
| Country | United States (US) |
| Region | Iowa (IA) |
| City | Des Moines |
| Coordinates | 41.6°N, -93.61°W |
| Timezone | America/Chicago |
| GeoValidation | ICMP blocked - validation inconclusive |
Multiple geo-source consensus confirms US-based deployment within Microsoft's Iowa data center region.
---
## Network Services and TLS
| Attribute | Value |
|---|---|
| Open Ports | TCP/443 (HTTPS) |
| HTTP Status | 404 Not Found |
| TLS Certificate | Microsoft TLS G2 RSA CA OCSP 10 |
| Certificate Subject | *.azurewebsites.net |
| Issuer | Microsoft Corporation, Redmond, WA, US |
| SANs | *.azurewebsites.net, *.scm.azurewebsites.net, *.sso.azurewebsites.net, *.westcentralus-01.azurewebsites.net |
TLS certificate validation confirms legitimate Azure Website infrastructure with wildcard certificate for Microsoft's Azure Web Services.
---
## Threat Intelligence
| Metric | Status |
|---|---|
| Abuse Confidence Score | Null |
| Blacklist Count | 0 |
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Active Campaigns | None |
| DNSBL Listed | 1 of 8 lists |
| Threat Persistence | 0 days |
No threat indicators detected. The single DNSBL listing does not correlate with malicious activity patterns.
---
## Observation History (22 Signals)
Recent observations from 2026-06-21 indicate:
- HTTP 404 responses with HTTPS scheme
- Microsoft Azure cloud infrastructure classification
- US geolocation inference (Des Moines, IA)
- Azure Mobile domain DNS activity
- Minor threat pulse signals from AlienVault OTX (2 pulses)
No escalating threat patterns observed.
---
## Network Neighborhood Analysis
| Metric | Value |
|---|---|
| Subnet | 20.9.22.213/24 |
| Abuse Density | 0 (Clean) |
| Threat Siblings | 0 |
| Total Siblings | 1 active |
The /24 subnet shows no abuse activity. No neighboring IPs flagged as threats.
---
## Relationships
17 relationships identified, all within the Microsoft network (MSFT). No cross-organization or external entity relationships detected.
---
## Security Assessment
Risk Rating: LOW (25/100)
Key Findings:
1. Legitimate Microsoft Azure cloud infrastructure
2. No malicious activity or blacklisting
3. Standard web server configuration on TCP/443
4. Clean neighborhood with no adjacent threat indicators
5. No historical escalation in threat patterns
Recommendation: No blocking required. Continue monitoring as part of normal cloud infrastructure baseline.
---
## Recommended Actions
No specific firewall rules or blocking recommendations generated based on current risk profile. Standard allow rules for Microsoft Azure traffic may apply depending on organizational security policies.
Classification: Intel-Defensive
Status: Complete
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.0.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No β PTR hostname does not resolve back to this IP (weak signal) |
π DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | 0/2 domains |
| DMARC | 0/2 domains |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | β |
| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | *.azurewebsites.net*.scm.azurewebsites.net*.sso.azurewebsites.net*.westcentralus-01.azurewebsites.net*.scm.westcentralus-01.azurewebsites.net*.sso.westcentralus-01.azurewebsites.net*.westcentralus.c.azurewebsites.net*.scm.westcentralus.c.azurewebsites.net*.sso.westcentralus.c.azurewebsites.net*.azure-mobile.net |
| Valid From | 2026-06-03T03:54:08+00:00 |
| Valid Until | 2026-11-30T03:54:08+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384RSA |
| Validity Period | 180 days |
| Serial Number | 49004130555EF6B3E60F7C8D16000000413055 |
| Thumbprint | 8D76632F49E6EAE9051B3370A1C01C46CC0DB210 |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 20% | 2 | 3 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-28 12:25:21 UTC |
| Last Seen | 2026-06-29 05:26:47 UTC |
| Profile Built | 2026-06-29 05:31:22 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |
Full dossier details are available via our API.