167.172.71.66

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 167.172.71.66/32

Date: 2026-06-26

Classification: LOW RISK / LEGITIMATE INFRASTRUCTURE

Analyst: IPDebrief Intelligence Team

---

## Executive Summary

IP 167.172.71.66 is a DigitalOcean cloud compute instance hosting Microsoft services. The IP presents a low-risk profile (risk score 25/100) with legitimate business infrastructure characteristics. While the IP is listed on one blacklist with high severity, context indicates this may be a false positive or related to Microsoft's security infrastructure. No immediate blocking is recommended, but monitoring is advised.

---

## Infrastructure Profile

Attribute	Value
IP Address	167.172.71.66
Provider	DigitalOcean (ASN: 14061)
Organization	digitalocean
Location	Redmond, WA, US
Infrastructure Type	Cloud Compute (DigitalOcean)
Network Block	167.172.64.0/20
Route Stability	Unstable (false)
BGP Prefix	167.172.64.0/20

---

## Technical Services

Open Ports:

Port 443/TCP: HTTPS (web server)
Port 22/TCP: SSH (OpenSSH_9.6p1 Ubuntu-3ubuntu13.16)

TLS Certificate:

Issuer: Microsoft TLS G2 RSA CA OCSP 04, O=Microsoft Corporation, C=US
Subject: CN=www.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US
Common Names: wwwqa.microsoft.com, www.microsoft.com, staticview.microsoft.com, i.s-microsoft.com, microsoft.com (+2 more)
Certificate Type: Not self-signed

Server Identification:

Banner: AkamaiGHost
HTTP Status: 400 (Bad Request)
Protocol: HTTP/1.0

---

## Threat Assessment

Risk Score: 25/100 (Low Risk)

Blacklist Status:

Lists Listed: 1 of 8 total lists
Maximum Severity: High
DNSBL Listings: Present (requires investigation)

Threat Indicators:

Is Tor Exit Node: No
Is Known Attacker: No
Is Spam Source: No
Campaign Likelihood: None
Known Campaigns: None
Threat Feeds: None

Abuse Confidence: Not determined

---

## Neighborhood Analysis

Subnet: 167.172.71.0/24

Abuse Density: 0.5 (moderate)
Classification: mostly_clean
Total Siblings: 2
Active Siblings: 2
Threat Siblings: 1

Neighbor IP:

167.172.71.29: Risk Score 25 (low risk)

Risk Distribution: 1 low-risk neighbor identified

---

## Historical Observations

Total Signals Observed: 21

Recent Activity (2026-06-26):

Subnet Analysis: Abuse density 0.5, classification mostly_clean
HTTP Response: Status 400, server AkamaiGHost, HTTPS enabled
DNS Records: Domain s-microsoft.com with DMARC policy (p=reject)
Geolocation: Redmond, WA, US (confidence 0.385)
Blacklist Status: Listed on 1 list with high severity

Temporal Analysis:

Ownership Changes: 0
Threat Persistence Days: 0
Threat Observation Count: 1
Persistently Malicious: No

---

## Relationships

Network Associations: 36 relationships identified, all mapping to DigitalOcean network infrastructure.

Key Relationships:

Same Network: DigitalOcean (36 instances)
No certificate or hostname relationships detected beyond Microsoft infrastructure

---

## Recommended Actions

Immediate Actions: None required (risk score 25)

Firewall Rules: Not recommended at this time

Monitoring Recommendations:

1. Monitor blacklist status for the high-severity listing

2. Verify if blacklist listing is related to Microsoft security infrastructure

3. Continue passive monitoring for any risk score increases

4. Review DNSBL listings to determine source and reason for listing

Confidence Level: Medium-High

---

## Conclusion

IP 167.172.71.66 represents legitimate Microsoft infrastructure hosted on DigitalOcean cloud infrastructure. The IP hosts Microsoft web services and has properly configured security policies (SPF, DMARC). While listed on one blacklist with high severity, the overall risk profile remains low (25/100) with no threat indicators detected. The IP should be allowed through with continued monitoring.

Classification: LOW RISK

Action: ALLOW WITH MONITORING

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	WA
City	Redmond
Timezone	America/Los_Angeles
Latitude	47.67
Longitude	-122.12

🏢 Ownership & Registration

Organization	digitalocean
ASN	AS14061
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	1/2 domains
DMARC	2/2 domains
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured
Domains Checked	2 domains

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
443	https	tcp	—
22	ssh	tcp	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
Closed Ports	25, 80, 3389, 8080, 8443 (2 open / 7 scanned)

Server	AkamaiGHost
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16

🔐 TLS Certificate

🔒

CN=www.microsoft.com, O=Microsoft Corporation, L=Redmond, S=WA, C=US

Issued by CN=Microsoft TLS G2 RSA CA OCSP 04, O=Microsoft Corporation, C=US

Self-signed: No

SANs	wwwqa.microsoft.comwww.microsoft.comstaticview.microsoft.comi.s-microsoft.commicrosoft.comc.s-microsoft.comprivacy.microsoft.com
Valid From	2026-01-22T19:55:21+00:00
Valid Until	2027-01-17T19:55:21+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha384RSA
Validity Period	360 days
Serial Number	43000253929E1C999055F04653000000025392
Thumbprint	ADA5F27D8ECEC5416F5FE19043310DDD305C024B

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	33%	2	4
routing	8%	1	1
services	28%	2	3
ownership	20%	2	3
reputation	30%	1	3
geolocation	31%	2	3
Overall	25%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-11 21:10:11 UTC
Last Seen	2026-06-27 19:56:19 UTC
Profile Built	2026-06-28 14:01:30 UTC
Data Freshness	Live
Signal Types	22
Total Observations	27

🔍 22 signal types · 27 observations collected

This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

167.172.71.66📋 Copy