IP Intelligence Briefing: 52.167.144.208
Date: 2026-06-11
---
**1. Core Profile**
- Ownership:
  - ASN: 8075 (Microsoft Corporation)
  - Network: MSFT (Microsoft)
  - Geolocation: Wisconsin, Madison, US (inferred via DNS and routing data).
- Risk Assessment:
  - Reputation: Moderate Risk (Score: 50).
  - Threat Indicators: No malicious indicators, spam, or known attacker associations.
  - Network Role: Bingbot botnet (Microsoft infrastructure).
---
**2. Network Behavior**
- Services:
  - No open ports or TLS certificates detected.
  - DNS records point to `msnbot-52-167-144-208.search.msn.com` (Microsoft-owned domain).
- Control Plane:
  - BGP prefix: `52.160.0.0/11` (Microsoft-owned).
  - DNSSEC and CAA records validated; no route instability detected.
---
**3. Threat Observations**
- Historical Signals (Last 30 Days):
  - 22 observations, with confidence scores ranging from 0.23 to 0.90.
  - No persistent malicious activity or campaign correlations.
- DNSSEC Validity: Confirmed.
- Abuse Density: Low (0.371) in subnet, but 14% inherited risk from neighbors.
---
**4. Relationships & Neighbors**
- Linked Entities:
  - Direct DNS association with Microsoft's `search.msn.com` domain.
  - Subnet: `52.167.144.208/24` (62 IPs total).
- Neighbor Risk:
  - Total Neighbors: 82 (62 in subnet, 20 external).
  - Risk Distribution: 11 medium-risk IPs, 71 low-risk IPs.
  - Threat Siblings: 23 IPs with elevated risk.
---
**5. Actionable Insights**
- SOC Prioritization:
  - Monitor DNS queries to `search.msn.com` for unusual volumes or patterns.
  - Track BGP routing stability for the `52.160.0.0/11` prefix.
  - Investigate neighbors with medium risk scores (e.g., `52.167.144.16`, `52.167.144.18`).
- Mitigation:
  - No immediate firewall rules required; focus on anomaly detection.
---
Conclusion: This IP is part of Microsoft's Bingbot botnet and shows no direct malicious activity. However, its subnet contains some risky neighbors, warranting further monitoring. No immediate threat to the network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 52.145.0.0/16 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | msnbot-52-167-144-208.search.msn.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | msnbot-52-167-144-208.search.msn.com |
DNS Hygiene
| Hygiene Score | 100% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 38% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-26 12:52:16 UTC |
| Last Seen | 2026-06-29 03:11:01 UTC |
| Profile Built | 2026-06-29 03:12:45 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 25 |