20.14.74.210

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## Intelligence Briefing: IP Address 20.14.74.210/32

Classification: Moderate Risk (Score: 40/100)

Date of Analysis: Current

Assigned Organization: Microsoft Corporation

Network Ownership & Infrastructure

The target IP address 20.14.74.210 belongs to Microsoft Corporation (ASN 8075) within the MSFT network block (20.0.0.0/11). The address is registered with ARIN and geolocated to Phoenix, Arizona, United States. Infrastructure classification indicates Microsoft Azure cloud compute environment with cloud hosting enabled. No active services or open ports were detected on the target system. The reverse DNS resolves to azpdwss7koxz.stretchoid.com.

Threat Indicators & Risk Assessment

The IP maintains a moderate risk score of 40, with no indicators of known malicious activity. Threat analysis revealed no entries on threat feeds, no Tor exit node status, and no classification as a known attacker or spam source. The address was listed on 2 out of 8 DNS blacklists. Control plane analysis showed route stability issues with a BGP prefix of 20.0.0.0/11 originating from ASN 8075. DNSSEC validation is enabled.

Historical Context

Observation history recorded 18 distinct signals. The most recent assessment (2026-06-16) classified the subnet (20.14.74.210/24) as "mostly_clean" with an abuse density score of 0.5 and inherited risk rating of 2. No ownership changes were detected. The IP was not flagged as persistently malicious, and threat observation count remained at zero. Geolocation inference consistently placed the address in Phoenix, Arizona with moderate confidence levels.

Network Relationships

The relationship graph identified seven associations, including multiple DNS associations to stretchoid.com hostnames and same-network associations to MSFT infrastructure. The /24 subnet neighborhood analysis revealed one active sibling IP (20.14.74.238) with a risk score of 25 and authority score of 60. Subnet abuse density is 0.0, with classification marked as "mostly_clean."

Recommended Security Actions

Based on the risk profile, the following firewall rules were generated:

iptables: `iptables -A INPUT -s 20.14.74.210 -j DROP`

nftables: `nft add rule inet filter input ip saddr 20.14.74.210 drop`

nginx: `deny 20.14.74.210;`

pfSense: `20.14.74.210/32`

Cloudflare WAF: Block with expression `ip.src eq 20.14.74.210`

AWS WAF: Include address `20.14.74.210/32` with description "IPDebrief risk 40"

Analyst Notes

While the IP is associated with Microsoft Azure infrastructure, the presence of stretchoid.com reverse DNS records (a domain known for hosting potentially suspicious infrastructure) combined with a moderate risk score warrants monitoring. The subnet-level abuse density of 0.5 and the presence of one threat sibling IP (20.14.74.238) suggest potential coordinated infrastructure. Recommend correlating with internal logs to verify any traffic patterns from this address.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	AZ
City	Phoenix
Timezone	America/Phoenix
Latitude	33.45
Longitude	-112.07

🏢 Ownership & Registration

Organization	Microsoft Corporation
ASN	AS8075
Network Name	MSFT
CIDR Block	20.0.0.0/11
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	azpdwss7koxz.stretchoid.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`azpdwss7koxz.stretchoid.com`

🔐 DNS Hygiene

Hygiene Score	60% (Good)
SPF	Not configured
DMARC	Not configured
FCrDNS	Verified
DNSSEC	Valid
CAA	Present

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	24%	2	2
routing	17%	1	1
services	17%	1	1
ownership	35%	2	3
reputation	17%	1	2
geolocation	17%	1	1
Overall	21%	8	10

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-06-12 09:21:25 UTC
Last Seen	2026-06-21 19:37:53 UTC
Profile Built	2026-06-21 19:43:17 UTC
Data Freshness	Live
Signal Types	20
Total Observations	22

🔍 20 signal types · 22 observations collected

This report is generated from 20+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

20.14.74.210📋 Copy