IP Intelligence Briefing: 20.9.46.138
Date: 2026-06-12
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Microsoft Corporation (AS: 8075, MSFT)
- Geolocation:
  - City: Des Moines, IA, US
  - Coordinates: Latitude 41.0613, Longitude -95.1226
  - Geo Plausibility: False (RTT anomaly: 50ms vs. expected 141.3ms for 7066km)
- Network Role: Microsoft Azure CloudCompute (Firewalled / No Services)
- Threat Indicators: No malicious activity detected (no indicators, campaigns, or DNSBL listings).
---
**2. Observation History**
- Latest Geolocation (2026-06-12):
  - Inferred location with 40% confidence.
  - RTT anomaly: 50ms (significantly below expected for distance).
- DNSBL Listings (2026-06-12):
  - Listed in 1/8 DNSBLs (confidence: 85%).
- Network Stability:
  - 0 route changes in 30 days; route stability: False.
  - BGP prefix: `20.0.0.0/11` (Microsoft-owned).
---
**3. Relationships**
- Network Affiliation:
  - Linked to Microsoft's AS 8075 (MSFT) via same subnet (`20.9.46.138/24`).
  - Subnet Abuse Density: 0% (clean).
- No Certificates, Hostnames, or Email Auth Records Found.
---
**4. Neighborhood Analysis**
- Subnet: `20.9.46.138/24`
- Neighbor IPs: 0 active siblings (no neighboring IPs reported).
- Abuse Density: 0% (no malicious activity in subnet).
---
**5. Recommendations**
- Monitor: Track geolocation anomalies and DNSBL listings for potential false positives.
- Firewall: Allow traffic to Microsoft Azure infrastructure (AS 8075) as legitimate.
- Verify: Cross-check geolocation data with Microsoft's IP ranges for accuracy.
Conclusion: 20.9.46.138 is a legitimate Microsoft Azure server with no current threat indicators. The geolocation anomaly suggests potential misconfiguration or spoofing, but no malicious activity is confirmed. No action required at this time.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.0.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 32% | 1 | 4 |
| geolocation | 27% | 2 | 3 |
| Overall | 25% | 9 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-01 11:44:26 UTC |
| Last Seen | 2026-06-21 07:28:51 UTC |
| Profile Built | 2026-06-21 07:36:48 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 21 |