IP Intelligence Briefing: 104.208.108.166
Date: 2026-06-16
**Key Findings**
- Ownership: Microsoft Corporation (Microsoft Azure cloud infrastructure).
- Network Role: CloudCompute service, part of Microsoft's global infrastructure.
- Geolocation: Hong Kong (HK), but infrastructure is hosted on Microsoft's global network.
- Risk Profile: High-risk (score: 80) due to DNSBL listings and network activity anomalies.
- Threat Indicators: No direct malware or attack indicators detected.
**Observation History (Last 30 Days)**
- DNSBL Listings: Listed on 4/8 DNSBLs (high severity).
- BGP Stability: Stable route with AS_PATH: `34549 8075` (Microsoft ASNs).
- Active Services: HTTP (80), HTTPS (443), and SSH (22) with OpenSSH banner.
**Network Relationships**
- Linked Entities: Directly tied to Microsoft's Azure network (AS-MSFT).
- Neighbors:
  - 104.208.108.55: Low-risk (score: 25), same subnet.
  - Subnet Abuse Density: 1/256 IPs flagged (mostly clean).
**Actionable Insights**
1. False Positive Risk? The high risk score correlates with DNSBL listings, which may reflect false positives or benign traffic. Verify with Microsoft's security teams.
2. Monitor for Anomalies: Despite being a legitimate cloud IP, unusual traffic patterns or unexpected service changes should be investigated.
3. Neighbor Analysis: The low-risk neighbor (104.208.108.55) is likely benign but should be monitored for lateral movement risks.
**Recommendations**
- Firewall Rules: Allow traffic to Microsoft's Azure network (AS-MSFT) but block unsolicited connections to this IP.
- DNSBL Verification: Cross-check listings with Microsoft's threat intelligence to confirm legitimacy.
- Continuous Monitoring: Track changes in DNSBL status and network behavior for this IP.
Conclusion: This IP is part of Microsoft's infrastructure, but its high-risk score suggests potential false positives or misconfigured security controls. SOC teams should prioritize verifying DNSBL entries and monitoring for deviations from expected cloud service behavior.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
**Ownership & Registration**

| Field | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | n/a |
| CIDR Block | 104.208.0.0/13 |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
**DNS Intelligence**

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
**DNS Hygiene**

| Check | Status |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
**Network Classification**

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
**Services & Open Ports**

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | n/a |
| 443 | https | tcp | n/a |
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | n/a |
| HTTP Title | n/a |
| SSH Version | SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.13 |
**TLS Certificate**

| Field | Value |
|---|---|
| SANs | None |
| Valid From | n/a |
| Valid Until | n/a |
**Confidence Breakdown**

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 20% | 2 | 3 |
| services | 25% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 25% | 11 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
**Observation Timeline** (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:03:27 UTC |
| Last Seen | 2026-06-26 21:58:09 UTC |
| Profile Built | 2026-06-27 18:17:46 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 28 |