INTELLIGENCE BRIEFING: 68.221.170.33/32
Classification: LOW RISK - Microsoft Azure Infrastructure
Asset Overview:
The target IP address 68.221.170.33 resolves to Microsoft Corporation (AS8075) within the MSFT CIDR block (68.218.0.0/15). The infrastructure is classified as Microsoft Azure cloud compute with a low-risk reputation score of 25.
Geolocation & Network Context:
- Location: Madrid, Spain (40.42°N, -3.7°W) - Europe/Madrid timezone
- ASN: AS8075 Microsoft Corporation
- Network Role: Cloud compute infrastructure with hosting capability enabled
- DNSBL Status: Listed on 1 of 8 evaluated threat feeds
Technical Services:
- HTTP/80: Apache/2.4.58 (Ubuntu) - Status code 200
- SSH/22: OpenSSH_9.6p1 Ubuntu-3ubuntu13.16
- TLS: No active certificate detected
- HTTP Version: 1.1 (no HTTP/2 support)
- TTFB: 4333ms (elevated response time)
Threat Indicators:
- Risk Score: 25 (Low Risk)
- Abuse Confidence: Not scored
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Campaign Correlation: None detected
Observation History (18 signals):
Recent activity includes:
- Multiple blacklist listings (8 total, 2 current high-severity)
- HTTP fingerprinting with Apache/2.4.58 server banner
- Port scanning activity (ports 80, 22, and additional)
- ASN-level attribution to Microsoft Corporation
- Operator score: 0.1304 (Minimal)
Network Neighborhood (68.221.170.0/24):
- Abuse Density: 0 (Clean)
- Threat Siblings: 0
- Active Siblings: 0
- No adjacent threat indicators detected
Relationship Graph:
All 6 detected relationships link to Microsoft network infrastructure (MSFT), confirming legitimate Azure cloud hosting.
Recommended Actions:
No specific blocking or mitigation actions required. The IP represents legitimate Microsoft Azure infrastructure with standard cloud services. Monitor for any changes in blacklist status or behavioral patterns.
Analyst Notes:
This is Microsoft Azure infrastructure located in Madrid. The single blacklist listing may represent a transient issue or false positive. No immediate threat activity detected. Standard cloud compute traffic patterns observed.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 68.218.0.0/15 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) | | |
| Server | Apache/2.4.58 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 15% | 1 | 2 |
| geolocation | 13% | 1 | 1 |
| Overall | 23% | 9 | 13 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-07 01:47:25 UTC |
| Last Seen | 2026-06-23 19:19:30 UTC |
| Profile Built | 2026-06-21 13:47:03 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 22 |