20.24.100.112
IP Intelligence Briefing: 20.24.100.112
Date: June 16, 2026
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Network Owner: Microsoft Corporation (AS 8075, Microsoft Azure)
- Geolocation: Hong Kong (HK), inferred via geo-validation with ~9,173 km distance from probe.
- Network Role: Cloud compute instance (Microsoft Azure), no public services or ports open.
- Threat Indicators:
- Listed in 8 threat intelligence sources (high severity) as of June 16, 2026.
- No known spam, attacker, or Tor exit node associations.
---
**2. Observation History**
- Recent Activity (June 16, 2026):
- Flagged in 8 threat feeds (confidence: 85%).
- Geo-validation confirmed plausible location but with high round-trip time (avg 227ms).
- Historical Trends:
- No persistent malicious activity detected (0 threat persistence days).
- Stable network ownership (Microsoft Azure) since at least June 12, 2026.
---
**3. Relationships & Network Context**
- Linked Entities:
- Same network (MSFT, Microsoft Azure).
- No known malicious relationships or subnets.
- Subnet Analysis:
- 20.24.100.0/24 subnet: 0 abuse density, no active neighbors.
---
**4. Threat & Risk Assessment**
- Likely Scenario:
- Legitimate Microsoft Azure resource, but recently flagged in high-severity threat feeds.
- Possible false positive or compromised cloud instance.
- Actionable Steps:
- Investigate threat feed sources for false positives.
- Monitor for unusual outbound traffic or service enumeration.
- Consider blocking until verified (e.g., via Microsoft support).
---
Conclusion:
The IP is associated with Microsoft Azure and shows no direct malicious activity. However, recent high-severity threat listings warrant further investigation to rule out compromise or misclassification. SOC teams should validate the threat sources and ensure cloud security controls are enforced.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.0.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 19% | 9 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-30 10:58:46 UTC |
| Last Seen | 2026-06-29 07:38:00 UTC |
| Profile Built | 2026-06-29 07:39:19 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 19 |
Full dossier details are available via our API.