20.173.116.24

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 20.173.116.24

## Executive Summary

Microsoft Azure cloud infrastructure address classified as MODERATE RISK (65/100) with elevated DNSBL listings and active SSH service exposure. Requires monitoring and consideration for blocking based on organizational risk tolerance.

## Asset Profile

Attribute	Value
IP Address	20.173.116.24/32
Risk Score	65/100 (Moderate Risk)
Organization	Microsoft Corporation (AS8075)
Infrastructure	Microsoft Azure Cloud Compute
Geolocation	Doha, Qatar (US registration)
Network Role	Single-Service Cloud Host

## Threat Indicators

DNSBL Listings: 3/8 lists (High severity maximum)
Control Plane: Route stability issues detected (isRouteStable=false)
Operator Score: 0.2174 (Minimal)
DNSBL Count: 3 total listings
Persistence: 1 threat observation (not persistently malicious)

## Service Exposure

Port 22/TCP: SSH (OpenSSH_8.9p1 Ubuntu-3ubuntu0.15)
TLS/Certificates: None detected
HTTP Services: Not detected
Banner Analysis: SSH service banner confirmed

## Neighborhood Analysis

Subnet: 20.173.116.24/24
Abuse Density: Minimal (0-1)
Classification: Mostly clean
Active Siblings: 1 (1 threat sibling identified)

## Historical Trend

29 observations recorded. Recent signals indicate:

Minimal operator risk (0.25 raw score)
Confirmed cloud infrastructure (Microsoft Azure)
No persistent malicious activity detected
DNSBL activity present in recent observations

## Intelligence Assessment

This IP represents Microsoft Azure cloud infrastructure with moderate risk classification. The elevated risk score (65/100) combined with DNSBL listings suggests potential abuse or configuration issues. SSH exposure on port 22 provides a legitimate service access point that may be targeted. Geographic discrepancy (US registration, Qatar geolocation) warrants attention but is consistent with Azure's global infrastructure.

No evidence of active campaign participation or persistent malicious behavior.

## Recommended Actions

Immediate

Increase logging verbosity for traffic from 20.173.116.24
Review recent activity patterns and connection attempts

Firewall Rules

```bash

# iptables

iptables -A INPUT -s 20.173.116.24 -j DROP

# nftables

nft add rule inet filter input ip saddr 20.173.116.24 drop

# nginx

deny 20.173.116.24;

# pfSense

20.173.116.24/32

```

Cloud Platform Rules

```json

// Cloudflare WAF

{"description":"Block 20.173.116.24 — IPDebrief risk score 65","action":"block","filter":{"expression":"ip.src eq 20.173.116.24"}}

// AWS WAF

{"Addresses":["20.173.116.24/32"],"Description":"IPDebrief risk 65"}

```

## Final Recommendation

MONITOR — Elevated risk classification warrants increased visibility. Consider blocking if threat intelligence correlation identifies this IP as malicious. Microsoft Azure infrastructure should be evaluated against known threat actor patterns before implementing blocking.

---

*Generated via IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	Baladiyat ad Dawhah
City	Doha
Timezone	—
Latitude	25.29
Longitude	51.53

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	40% (Fair)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	—
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	40%	2	5
routing	8%	1	1
services	20%	2	3
ownership	20%	2	3
reputation	26%	1	3
geolocation	30%	2	3
Overall	24%	10	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:07 UTC
Last Seen	2026-06-27 03:11:50 UTC
Profile Built	2026-06-27 21:18:49 UTC
Data Freshness	Live
Signal Types	24
Total Observations	31

🔍 24 signal types · 31 observations collected

This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

20.173.116.24📋 Copy