IP Address: 40.93.2.29 ⚠ IP Confounder

⚠ IP Confounder Detected: Microsoft 365 Exchange Online Protection (EOP)
Exchange Online Protection (EOP) is a cloud-based email filtering service included with all Microsoft 365 subscriptions to protect against spam, malware, and phishing attacks. It automatically secures mailboxes by filtering incoming and outgoing messages in real-time using anti-spam, anti-malware, and content filters. During periods of active campaign activity, these can largely be ignored (esp. when recipients are on Exchange). However, forged emails have been observed from Microsoft infrastructure that have this signature too.

ℹ️ Network Annotation: Microsoft Network (365 vs Azure)

Differentiating between Office 365, including email protection services, and Azure (public cloud) when diagnosing incidents is challenging because they utilize shared Microsoft-owned IP ranges. Most of this is probably O365/Outlook or Defender protection breaking DKIM and SPF authentication. Disambiguation is a work-in-progress.

Last updated: 1/29/2026

This page shows DMARC authentication failure data for this IP address. Learn more about this data.

Geolocation Information

Country:: US United States
Region:: Virginia
City:: Washington
Coordinates:: 38.7095, -78.1539

WHOIS Information

Network Name:: MSFT
CIDR:: 40.96.0.0/12, 40.112.0.0/13, 40.125.0.0/17, 40.120.0.0/14, 40.124.0.0/16, 40.74.0.0/15, 40.76.0.0/14, 40.80.0.0/12
Owner:: Microsoft Corporation
Org ID:: MSFT
Address:: One Microsoft Way, Redmond, WA 98052
Reverse DNS:: mail-eastusazlp17012029.outbound.protection.outlook.com
Last updated: 2/5/2026

Analysis

This IP was first observed on September 11, 2025 and most recently on March 12, 2026. It has been associated with 3 failed authentication events affecting 3 messages, representing low but recurring activity. The IP belongs to MSFT (Microsoft Corporation), a network with activity associated with United States. 8 other IPs in the same /24 subnet (40.93.2.*) also appear in this dataset.

Network Topology

Failures Detected from this IP

Showing 1-3 of 3 failures, affecting 3 messages

Date ▼	Messages
3/12/2026	1
9/25/2025	1
9/11/2025	1

External Reputation Lookups

Look up this IP in external threat intelligence and reputation databases (opens in new tab):

AbuseIPDB Cisco Talos Project Honey Pot GreyNoise VirusTotal Shodan Censys Spamhaus

Nearby IPs

Other IPs in the 40.93.2.0/24 range observed failing DMARC:

40.93.2.31 (8 failures), 40.93.2.55 (5 failures), 40.93.2.54 (4 failures), 40.93.2.68 (4 failures), 40.93.2.12 (3 failures), 40.93.2.60 (3 failures), 40.93.2.9 (2 failures), 40.93.2.53 (2 failures)