52.185.75.214

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Threat Intelligence Briefing: IP Address 52.185.75.214/32

Summary:

The IP address 52.185.75.214/32 is associated with Microsoft Corporation (ASN 8075) and operates as a Microsoft Azure cloud infrastructure node. It hosts HTTP/HTTPS services with a server banner of *"Microsoft-Azure-Application-Gateway/v2"*, indicating it is part of Microsoft's managed application gateway service.

Key Findings:

1. Risk Profile:

- Risk Score: 25 (Low Risk)

- Threat Indicators: No malicious activity, spam, or known attacker associations detected.

- Network Stability: Stable routing (BGP route stability: "stable"), no recent ownership changes.

2. Geolocation & Ownership:

- Location: Des Moines, IA, US (geolocation consensus: 100%).

- Provider: Microsoft Azure (cloud compute infrastructure).

- ASN: 8075 (Microsoft Corporation).

3. Network Services:

- Open Ports: 80 (HTTP), 443 (HTTPS).

- TLS Certificate: Valid, issued by GoDaddy, with subject *"*.corestack.io"*.

- Server Fingerprint: Microsoft Azure Application Gateway, no suspicious banners or HTTP anomalies.

4. Observation History:

- Activity Trends: No significant changes in risk signals over time (last 30 days).

- DNS & Routing: DNSSEC valid, no DNSBL listings.

5. Relationships:

- Network Links: Strongly tied to Microsoft's network (MSFT), with no external malicious connections.

- Subnet: Part of a mostly clean /24 subnet (abuse density: 0).

Recommendations:

Monitoring: No immediate action required. Continue standard monitoring for anomalous traffic patterns.
Firewall Rules: No blocking rules needed for this IP, as it is part of a legitimate cloud service.
Context: This IP is likely a legitimate Azure resource. Verify if it corresponds to a known service or tenant within your environment.

Conclusion:

The IP address 52.185.75.214/32 is a low-risk, legitimate Microsoft Azure node with no evidence of malicious activity. No security actions are recommended at this time.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	IA
City	Des Moines
Timezone	America/Chicago
Latitude	41.60
Longitude	-93.61

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	—
CIDR Block	52.160.0.0/11
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Present
DMARC	Present
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Web Server
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
80	http	tcp	—
443	https	tcp	—
Closed Ports	22, 25, 3389, 8080, 8443 (2 open / 7 scanned)

Server	Microsoft-Azure-Application-Gateway/v2
HTTP Title	—

🔐 TLS Certificate

🔒

CN=*.corestack.io

Issued by CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Self-signed: No

SANs	*.corestack.iocorestack.io
Valid From	2025-09-11T13:19:51+00:00
Valid Until	2026-10-13T13:19:51+00:00
TLS Protocol	Tls13
Cipher Suite	TLS_AES_256_GCM_SHA384
Signature Algorithm	sha256RSA
Validity Period	397 days
Serial Number	00DAB9F3B6F78D71D9
Thumbprint	6840995BF261316A8316A8CC9EB5C86B39F85DC0

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	26%	2	4
routing	17%	2	3
services	26%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	33%	2	3
Overall	25%	11	19

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Mostly Consistent (80%) — 1 contradiction(s)
Attribution	Low (35%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

⚠ Claimed geolocation contradicts RTT physics measurement

📅 Observation Timeline 🔄 Live

First Seen	2026-05-17 03:09:20 UTC
Last Seen	2026-06-28 04:38:40 UTC
Profile Built	2026-06-28 22:43:41 UTC
Data Freshness	Live
Signal Types	26
Total Observations	29

🔍 26 signal types · 29 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

52.185.75.214📋 Copy