158.158.112.217

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 158.158.112.217/32

Classification: Microsoft Azure Cloud Infrastructure

Risk Assessment: LOW RISK (Score: 25/100)

Date: June 2026

Analyst: IPDebrief Intelligence Team

---

## Executive Summary

IP address 158.158.112.217 is a Microsoft Azure cloud compute resource with low-risk characteristics. The IP operates within Microsoft's 158.158.0.0/16 address block, registered under ASN 8075 (IRT-MICROSOFT-APNIC-SG). Geographic location reports Madrid, Spain, with service classification as cloud infrastructure with no open ports or active services.

---

## Infrastructure Profile

Attribute	Value
Organization	MICROSOFT-APNIC-AP
ASN	8075
Infrastructure Type	CloudCompute (Microsoft Azure)
Geolocation	Madrid, Spain (40.42°N, -3.7°W)
CIDR Block	158.158.0.0/16
Timezone	Europe/Madrid

---

## Threat Indicators

Risk Score: 25 (Low Risk)
Abuse Confidence Score: Not applicable
Blacklist Count: 0
Known Campaigns: None
Tor Exit Node: No
Known Attacker: No
Spam Source: No

Threat Feeds: No indicators detected across threat feeds

---

## Network Behavior

Route Stability: Stable (isRouteStable: true)
BGP Origin: ASN 8075
AS Path: 49788 → 8075
Operator Score: 0.3478 (Basic)
DNSBL Listed: 0 lists
Open Ports: None
Services: No active services (Firewalled / No Services)

---

## Neighborhood Analysis (158.158.112.0/24)

Metric	Value
Abuse Density	0 (mostly_clean)
Active Siblings	2
Threat Siblings	2
Risk Distribution	1 Low, 0 Medium, 0 High
Neighbor IP	158.158.112.230 (Risk Score: 25)

Assessment: The /24 subnet demonstrates low abuse density with sibling IPs showing comparable risk profiles (25), indicating consistent cloud infrastructure behavior.

---

## Historical Observation (26 Observations)

Timeline: June 17–18, 2026

Key Findings:

Consistent routing and reputation signals across observation window
Subnet abuse density classified as "mostly_clean"
Operator score remained stable at 0.3478 (Basic)
No escalation in threat indicators
Route stability maintained throughout observation period

---

## Related Entities

Network Relationships: 25 relationships identified, all classified as "Same Network" (MICROSOFT-APNIC-AP)
No external relationships: No links to hostile organizations, malicious hostnames, or suspicious certificates

---

## Recommended Actions

Firewall Policy:

Default Action: ALLOW (Low-risk cloud infrastructure)
Monitoring: Standard logging recommended
Block Threshold: Not recommended (risk score < 50)

SOC Handling:

Treat as legitimate Microsoft Azure traffic
No additional investigation required unless correlated with other suspicious activity
Traffic patterns consistent with cloud service operation

---

## Conclusion

IP 158.158.112.217 presents a low-risk profile consistent with Microsoft Azure cloud infrastructure. The IP shows stable routing, no threat indicators, and operates within a clean neighborhood. No defensive actions beyond standard cloud traffic handling are warranted at this time.

Status: MONITOR (Low Risk)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇪🇸 Spain
Region	MD
City	Madrid
Timezone	Europe/Madrid
Latitude	40.42
Longitude	-3.70

🏢 Ownership & Registration

Organization	IRT-MICROSOFT-APNIC-SG
ASN	AS8075
Network Name	MICROSOFT-APNIC-AP
CIDR Block	158.158.0.0/16
RIR	ARIN
Country	SG
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	28%	2	4
routing	24%	2	3
services	15%	2	2
ownership	24%	2	3
reputation	27%	1	3
geolocation	30%	2	3
Overall	24%	11	18

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:03:49 UTC
Last Seen	2026-06-27 00:46:02 UTC
Profile Built	2026-06-27 20:58:59 UTC
Data Freshness	Live
Signal Types	25
Total Observations	32

🔍 25 signal types · 32 observations collected

This report is generated from 25+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

158.158.112.217📋 Copy