172.202.117.223
# IP Intelligence Briefing: 172.202.117.223/32
Classification: Low Risk Cloud Infrastructure Asset
---
## Executive Summary
IP 172.202.117.223 is a Microsoft Azure cloud compute instance operating in Des Moines, IA. The IP demonstrates a low-risk profile (Score: 25) with no active threat indicators, though it appears on one DNS blacklist with high severity. The IP is firewalled with no open ports, suggesting legitimate cloud infrastructure usage.
---
## Profile Analysis
Network Classification:
- Provider: Microsoft Azure (ASN 8075)
- Infrastructure Type: Cloud Compute
- Hosting: Active
- Connection Type: Firewalled/No Services
Geolocation:
- Location: Des Moines, IA, US
- Coordinates: 41.01°N, -95.2667°W
- Accuracy: 899km radius
- Timezone: America/Chicago
DNS Resolution:
- Reverse DNS: azpdcsfpyyr2.stretchoid.com
- Forward Resolution: Confirmed
- Status: Active hostname association
---
## Threat Assessment
Risk Indicators:
- Risk Score: 25 (Low Risk)
- Abuse Confidence: Not applicable
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
Blacklist Status:
- DNSBL Listings: 1 listed out of 8 total checks
- Maximum Severity: High
- Lists Affected: 8 total blacklist checks
Control Plane:
- BGP Prefix: 172.200.0.0/13
- Route Stability: False (route changes detected)
- RPKI State: Not validated
- IRR Consistency: Not verified
---
## Behavioral Observations
Service Exposure:
- Open Ports: None detected
- TLS Certificate: None
- HTTP Banner: None
- Status: Fully firewalled infrastructure
Campaign Indicators:
- Likelihood: None
- Cert Matches: 0
- Correlated IPs: 0
- Campaign Signatures: None detected
Temporal Analysis:
- Observation Count: 1 threat observation
- Threat Persistence: 0 days
- Persistent Malicious Activity: False
- Ownership Changes: 0
---
## Neighborhood Context
Subnet: 172.202.117.0/24
- Classification: Mostly Clean
- Abuse Density: 0.4
- Total Siblings: 5
- Active Siblings: 4
- Threat Siblings: 2
Neighbor Risk Profile:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 172.202.117.124 | 0 | 50 |
| 172.202.117.125 | 40 | 60 |
| 172.202.117.177 | 25 | 60 |
| 172.202.117.213 | 25 | 60 |
Risk Distribution: 0 High / 1 Medium / 3 Low
---
## Relationship Graph
Primary Associations:
- DNS Hostname: azpdcsfpyyr2.stretchoid.com (multiple associations)
- Network Classification: Cloud infrastructure
- Total Relationships: 50 detected entities
---
## Historical Signals
Observation Count: 22 total signals
Recent Activity:
- June 27, 2026: DNS blacklist listing detected (max severity: high)
- June 26, 2026: Geolocation inference for Des Moines, IA, US (confidence: 0.80)
- Multiple signals: Consistent cloud infrastructure indicators
Signal Confidence: Variable (0.21β0.85)
---
## Recommended Actions
Immediate:
- Monitor DNS blacklist status; current listing appears to be legacy/infrastructure-related
- No immediate blocking recommended due to low-risk profile and cloud infrastructure classification
Ongoing:
- Continue monitoring for route stability changes
- Watch for emergence of open ports or service exposure
- Track DNS hostname activity for azpdcsfpyyr2.stretchoid.com
Firewall Rules:
- No specific iptables/nftables rules required; traffic should pass based on current risk profile
- Consider logging for forensic purposes if traffic patterns change
---
## Intelligence Narrative
The target IP 172.202.117.223 represents a Microsoft Azure cloud compute instance operating as firewalled infrastructure in Des Moines, Iowa. The IP maintains a low-risk profile with no evidence of active malicious activity. The single DNS blacklist listing appears to be infrastructure-related rather than abuse-based, given the cloud hosting classification and absence of open services. The subnet exhibits moderate abuse density (0.4) with 40% of neighbors classified as low-risk, supporting the conclusion that this IP is part of legitimate cloud infrastructure operations. The hostname azpdcsfpyyr2.stretchoid.com suggests connection to a stretchoid.com service, which may warrant domain-level correlation for broader context. No blocking is currently recommended; continued passive monitoring is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Divya Quamara |
| ASN | AS8075 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | azpdcsfpyyr2.stretchoid.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | azpdcsfpyyr2.stretchoid.com |
π DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 23% | 2 | 2 |
| Overall | 19% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-11 08:57:56 UTC |
| Last Seen | 2026-06-27 19:11:16 UTC |
| Profile Built | 2026-06-28 13:17:34 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |
Full dossier details are available via our API.