52.167.144.181
IP Intelligence Briefing: 52.167.144.181
Date: 2026-06-12
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Provider: Microsoft Corporation (ASN 8075)
- Geolocation: Madison, WI, US (validated via DNS and IP signals)
- Network Role: CloudCompute (Bingbot service)
- Threat Indicators: No direct malicious activity detected (no malware, phishing, or exploitation signals).
---
**2. Observation History**
- Recent Signals (Last 30 Days):
- DNS Associations: Linked to `msnbot-52-167-144-181.search.msn.com` (Microsoft-owned domain).
- Threat Feeds: 1 high-severity listing (unknown source) with moderate confidence.
- Geolocation: Validated via DNS (866km accuracy), but ICMP blocked, limiting RTT validation.
- Network Stability: BGP route stability score: 0.3478 (Basic).
---
**3. Relationships**
- Network Affiliations:
- Same ASN (MSFT) and subnet (52.167.144.181/24).
- DNS ties to `msn.com` (SPF/DKIM validated).
- No Known Malicious Associations: No ties to known attackers, spam, or Tor networks.
---
**4. Neighborhood Analysis**
- Subnet (52.167.144.181/24):
- Abuse Density: 0.4286 (mixed risk).
- High-Risk Neighbors: 27 IPs flagged (17 medium, 10 low).
- Active Siblings: 29 IPs (63 total in subnet).
- Inherited Risk: 17 (likely from neighboring IPs).
---
**5. Recommended Actions**
- Firewall Blocking:
- iptables: `iptables -A INPUT -s 52.167.144.181 -j DROP`
- Cloudflare WAF: Block IP with rule `{ "action": "block", "expression": "ip.src eq 52.167.144.181" }`
- AWS WAF: Add `52.167.144.181/32` to IP set.
- Monitoring:
- Scrutinize DNS activity for `msnbot-52-167-144-181.search.msn.com`.
- Monitor subnet for increased risk due to neighboring IPs.
- Validate geolocation via alternative methods (e.g., traceroute).
---
Conclusion:
The IP is part of Microsoftβs Bingbot infrastructure, with no direct malicious activity. However, its subnet contains a mix of low/medium-risk IPs, and one high-severity threat listing suggests potential indirect risks. Block the IP unless critical for operations, and monitor for anomalies in network behavior or DNS activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 52.145.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | msnbot-52-167-144-181.search.msn.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | msnbot-52-167-144-181.search.msn.com |
π DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 21% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-06-01 17:54:33 UTC |
| Last Seen | 2026-06-21 07:56:51 UTC |
| Profile Built | 2026-06-21 08:02:45 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.