IP Address: 40.93.132.1 ⚠ IP Confounder

⚠ IP Confounder Detected: Microsoft 365 Exchange Online Protection (EOP)
Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.

ℹ️ Network Annotation: Microsoft Network (365 vs Azure)

Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.

Last updated: 1/29/2026

This page shows DMARC authentication failure data for this IP address. Learn more about this data.

Geolocation Information

Country:: IN India
Region:: Maharashtra
City:: Pune
Coordinates:: 18.5211, 73.8502

WHOIS Information

Network Name:: MSFT
CIDR:: 40.74.0.0/15, 40.96.0.0/12, 40.112.0.0/13, 40.125.0.0/17, 40.120.0.0/14, 40.124.0.0/16, 40.76.0.0/14, 40.80.0.0/12
Owner:: Microsoft Corporation
Org ID:: MSFT
Address:: One Microsoft Way, Redmond, WA 98052
Reverse DNS:: mail-centralindiaazlp17010001.outbound.protection.outlook.com
Last updated: 2/5/2026

Analysis

This IP was first observed on October 23, 2024 and most recently on September 26, 2025. It has been associated with 11 failed authentication events affecting 13 messages, representing moderate activity. The IP belongs to MSFT (Microsoft Corporation), a network with activity associated with India. 8 other IPs in the same /24 subnet (40.93.132.*) also appear in this dataset.

Network Topology

Failures Detected from this IP

Showing 1-11 of 11 failures, affecting 13 messages

Date ▼	Messages
9/26/2025	1
9/24/2025	1
9/18/2025	1
9/11/2025	2
9/10/2025	1
7/18/2025	1
7/1/2025	1
6/19/2025	1
5/9/2025	2
5/2/2025	1
10/23/2024	1

External Reputation Lookups

Look up this IP in external threat intelligence and reputation databases (opens in new tab):

AbuseIPDB Cisco Talos Project Honey Pot GreyNoise VirusTotal Shodan Censys Spamhaus

Nearby IPs

Other IPs in the 40.93.132.0/24 range observed failing DMARC:

40.93.132.29 (11 failures), 40.93.132.7 (11 failures), 40.93.132.31 (10 failures), 40.93.132.25 (9 failures), 40.93.132.27 (9 failures), 40.93.132.28 (7 failures), 40.93.132.24 (7 failures), 40.93.132.4 (6 failures)