172.210.249.152

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 172.210.249.152/32

Classification: Moderate Risk Cloud Infrastructure

Generated: 2026-06-21

Risk Score: 65/100

## Executive Summary

IP 172.210.249.152 is a Microsoft Azure cloud compute resource (ASN 8075) with a moderate risk profile. The IP is classified as cloud infrastructure with no open services detected. Despite the cloud environment classification, the IP shows elevated risk indicators including DNSBL listings and control plane anomalies requiring monitoring.

## Ownership and Network Classification

Organization: Microsoft Azure (Divya Quamara)
ASN: 8075
CIDR Block: 172.210.0.0/16
Infrastructure Type: CloudCompute
Network Role: Firewalled / No Services
Geolocation: United States, Virginia (Boydton)
Routing Origin: 172.208.0.0/13

## Threat Indicators

Current threat assessment shows:

Known Attacker: No
Tor Exit Node: No
Spam Source: No
Blacklist Count: 0
Known Campaigns: None
Abuse Confidence: Not applicable

Anomalous Indicators:

DNSBL listings: 3 of 8 total lists
Control plane DNSBL listed count: 3
18 timed-out hops in traceroute (28 total hops)
First hop RTT: 0.2ms (unusually rapid)
ICMP validation blocked

## Historical Signal Analysis

Observation history reveals temporal signal patterns:

Recent Signal (2026-06-21): Operator score 0.1304 (Minimal), confidence 0.30
DNSSEC Status: Validated
Signal Type 2344 (2026-06-16): Listed on 8 threat feeds with 2 high-severity listings
Signal Type 15 (2026-06-16): Full dimension coverage across threat, routing, services, ownership, reputation, and geolocation

Persistence Metrics:

Threat persistence days: 0
Threat observation count: 0
Ownership changes: 0

## Neighborhood Assessment

Subnet 172.210.249.0/24 analysis:

Abuse Density: 0
Classification: Clean
Active Siblings: 1
Threat Siblings: 0
High-Risk Neighbors: 0
Medium-Risk Neighbors: 0
Low-Risk Neighbors: 0

## Network Relationships

The IP has 12 relationship entries, all classified as "Same Network" targeting network value "cloud." No external entity relationships detected.

## Recommended Actions

Immediate Actions:

1. Monitoring: Increase logging verbosity and review recent activity from this IP

- Severity: High (Risk score 65/100)

- Rationale: Elevated risk score warrants enhanced visibility

Firewall Rules:

```

iptables: iptables -A INPUT -s 172.210.249.152 -j DROP

nftables: nft add rule inet filter input ip saddr 172.210.249.152 drop

nginx: deny 172.210.249.152;

pfsense: 172.210.249.152/32

Cloudflare WAF: Block IP (expression: ip.src eq 172.210.249.152)

AWS WAF: Block Addresses: 172.210.249.152/32

```

## Intelligence Assessment

This IP represents Microsoft Azure cloud infrastructure with moderate risk characteristics. The absence of open services and clean neighborhood profile suggests legitimate cloud usage, but the elevated risk score (65) combined with DNSBL listings warrants continued monitoring. The rapid first-hop RTT and timed-out hops indicate potential routing anomalies.

Priority: Monitor

Recommended Action: Implement firewall blocking with enhanced logging for forensic correlation if activity is observed.

---

*Data sourced from IPDebrief Intelligence Platform. All information is based on observed network signals and threat intelligence feeds.*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	VA
City	Virginia
Timezone	America/New_York
Latitude	36.67
Longitude	-78.93

🏢 Ownership & Registration

Organization	Divya Quamara
ASN	AS8075
Network Name	cloud
CIDR Block	172.210.0.0/16
RIR	ARIN
Country	US
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	27%	2	4
routing	13%	1	1
services	19%	2	2
ownership	27%	2	3
reputation	22%	1	3
geolocation	27%	2	3
Overall	22%	10	16

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-30 10:58:22 UTC
Last Seen	2026-06-29 07:34:09 UTC
Profile Built	2026-06-29 07:39:20 UTC
Data Freshness	Live
Signal Types	21
Total Observations	21

🔍 21 signal types · 21 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

172.210.249.152📋 Copy