4.223.70.33

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

INTELLIGENCE BRIEFING: IP ADDRESS 4.223.70.33

Classification: Low Risk / Microsoft Azure Infrastructure

Date: 2026-06-18

1. IDENTIFICATION & OWNERSHIP

The subject IP 4.223.70.33 is assigned to Microsoft Corporation (ASN 8075), operating within the 4.208.0.0/12 BGP prefix. Infrastructure classification confirms Microsoft Azure cloud compute hosting. The IP resolves geographically to Stockholm, Sweden (AB region), with geolocation confidence validated at 56% accuracy (±150km radius).

2. RISK PROFILE

Overall risk score: 25 (Low Risk). Reputation assessment: Low Risk. The IP maintains Microsoft Azure infrastructure characteristics with Microsoft-IIS/10.0 web server banner and ASP.NET application framework indicators. No known malicious campaign associations detected. The control plane indicates 1 DNSBL listing across 8 total lists, though the primary profile shows 0 blacklist counts—suggesting the listing may be context-specific or historical.

3. NETWORK CHARACTERISTICS

Open services: TCP/80 (HTTP)
Server banner: Microsoft-IIS/10.0
TLS certificate: None detected
HTTP version: 1.1
Response time: 210ms
DNSSEC: Valid
RPKI state: Not applicable

4. THREAT INDICATORS

No active threat indicators observed:

Not a Tor exit node
Not identified as known attacker
Not flagged as spam source
Zero threat feeds matches
No associated malware campaigns

5. OBSERVATION HISTORY

Historical analysis reveals 20 signal observations spanning recent monitoring periods. Signal patterns demonstrate consistent Microsoft Azure infrastructure characteristics. Key observations include:

June 14, 2026: HTTP fingerprinting with Microsoft-IIS/10.0 server signature
June 14, 2026: Port scanning activity confirming TCP/80 service
June 14-18, 2026: Geolocation signals consistent with Stockholm, SE
No observable risk escalation over observation period

6. SUBNET ANALYSIS

Subnet 4.223.70.33/24 shows abuse density of 1 with "mostly_clean" classification. Neighborhood contains 1 total sibling IP address with 1 active sibling. One threat sibling identified within the /24 block, though the subject IP itself maintains low risk profile.

7. RELATIONSHIP MAPPING

The IP maintains multiple "Same Network" relationships to Microsoft (MSFT) organizational assets, confirming infrastructure ownership and network context.

8. RECOMMENDATIONS

Based on risk profile and infrastructure classification, this IP represents legitimate Microsoft Azure cloud infrastructure. No blocking required. SOC analysts should treat as benign, but maintain standard monitoring practices. The single DNSBL listing warrants periodic verification but does not constitute immediate threat.

CONCLUSION: This IP address operates as Microsoft Azure cloud infrastructure with low-risk profile. The threat indicators, risk score of 25, and Microsoft Corporation ownership classification support benign classification. Continue standard monitoring but no defensive action recommended.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇸🇪 Sweden
Region	AB
City	Stockholm
Timezone	Europe/Stockholm
Latitude	59.33
Longitude	18.07

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	—
CIDR Block	—
RIR	ARIN
Country	—
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR Record	No PTR
Forward Confirmed	No — PTR hostname does not resolve back to this IP (weak signal)

🔐 DNS Hygiene

Hygiene Score	20% (Poor)
SPF	Not configured
DMARC	Not configured
FCrDNS	Not verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Single-Service Host
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
22	ssh	tcp	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15
Closed Ports	25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned)

Server	Microsoft-IIS/10.0
HTTP Title	—
SSH Version	SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	4
routing	8%	1	1
services	24%	2	3
ownership	20%	2	3
reputation	28%	1	3
geolocation	30%	2	3
Overall	22%	10	17

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (50%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-07 23:04:18 UTC
Last Seen	2026-06-27 05:17:14 UTC
Profile Built	2026-06-27 23:22:33 UTC
Data Freshness	Live
Signal Types	20
Total Observations	26

🔍 20 signal types · 26 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

4.223.70.33📋 Copy