IP Intelligence Briefing: 4.204.194.158
Date: 2026-06-11
---
**1. Core Profile**
- Risk Score: Low (25/100) | Provider Score: 0 | Authority Score: 0
- Ownership: Microsoft Corporation (AS8075) | Geolocation: Toronto, Ontario, Canada (43.65°N, -79.38°W)
- Network Role: Microsoft Azure cloud infrastructure (firewalled, no services exposed)
- Threat Indicators: No malicious activity detected | No blacklists or campaigns linked
---
**2. Observation History**
- Latest Activity: 2026-06-11 | Geo Plausibility: Inferred via multi-signal triangulation (150km accuracy radius)
- Subnet Analysis:
  - 4.204.194.158/24 classified as "mostly_clean" with abuse density 1.
  - Threat Siblings: 1 (low risk) | Active Siblings: 1 | Total Siblings: 1
---
**3. Relationships**
- Linked Entities:
  - Network: Microsoft Azure (AS8075)
  - Geolocation: Consistent with Toronto, Canada (multiple sources)
  - DNS: No public PTR records or domain associations
---
**4. Neighborhood Analysis**
- Subnet: 4.204.194.158/24 | Abuse Density: 1 (low)
- Neighbors: No additional IPs identified in the subnet (likely a single-host allocation)
---
**5. Threat Context**
- No Malicious Signals: No DNS anomalies, open ports, or TLS certificates detected.
- Cloud Infrastructure: Likely a legitimate Azure server with no exposed services.
- Subnet Caution: While the IP itself is low risk, the subnet contains 1 threat sibling. Monitor for lateral movement or shared vulnerabilities.
---
**6. Recommended Actions**
- SOC Focus:
  - Monitor subnet for unusual traffic patterns or new sibling IPs.
  - Validate geolocation consistency with other signals (e.g., RTT, traceroute).
- Firewall Rules: No immediate blocking required. Consider logging traffic for anomaly detection.
Conclusion: This IP is part of Microsoft's Azure infrastructure and poses no direct threat. However, the subnet's low abuse density and single threat sibling warrant continued monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 4.192.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline
| First Seen | 2026-05-26 18:57:50 UTC |
| Last Seen | 2026-06-29 03:24:05 UTC |
| Profile Built | 2026-06-29 03:27:30 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |