# IP Intelligence Briefing: 74.249.192.245/32
Classification: LOW RISK / MONITOR
Date: 2026-06-21
Analyst: Automated IP Intelligence System
---
## Executive Summary
IP address 74.249.192.245 is identified as Microsoft Corporation infrastructure (AS8075) deployed within the Microsoft Azure cloud platform. While the IP operates within legitimate Microsoft network infrastructure, threat intelligence signals indicate limited exposure to abuse feeds and DNS blacklisting activity. Current risk assessment indicates low threat level, though neighborhood monitoring is recommended due to one observed threat sibling within the /24 subnet.
---
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| ASN | 8075 (Microsoft Corporation) |
| Organization | MSFT / Microsoft Azure |
| CIDR Block | 74.248.0.0/15 |
| Network Type | Cloud Compute Infrastructure |
| Geolocation | Des Moines, IA, US |
| Timezone | America/Chicago |

The IP resolves to Microsoft Azure cloud infrastructure. The network role is classified as "Firewalled / No Services" with no open ports detected during scanning operations.
---
## Threat Intelligence Profile
Overall Risk Score: 25/100 (Low Risk)
### Threat Indicators
- Abuse Confidence Score: Not calculated
- Known Attacker Status: Not flagged
- Spam Source: Not flagged
- Tor Exit Node: No
- Known Campaigns: None correlated
### Blacklist Status
- DNSBL Listings: 1 of 8 total lists flagged
- Maximum Severity: High
- List Details: Multiple blacklist associations detected during observation period
### Threat Signal History
Observation record shows 24 historical signals. Key threat indicators identified:
- AlienVault OTX signals detected with 50 pulse associations
- DNS blacklist listing activity observed with high severity classification
- Operator score: 0.3478 (Basic classification)
---
## DNS and Resolution Data
| Field | Value |
|---|---|
| PTR Hostname | azpdcgnxviw2.stretchoid.com |
| Forward Resolution | azpdcgnxviw2.stretchoid.com |
| Hosted Domain | stretchoid.com |
| SPF Record | Not configured |
| DMARC Record | Not configured |

The IP resolves to the stretchoid.com domain with multiple DNS association patterns observed.
---
## Network Neighborhood Analysis
Subnet: 74.249.192.245/24
- Abuse Density: 1 (mostly clean)
- Threat Siblings: 1 detected
- Active Siblings: 1
- Classification: Mostly clean
---
## Control Plane Data
- Route Stability: False
- DNSSEC Valid: True
- Has CAA: True
- Route Changes (30d): 0
- RPKI State: Not available
- IRR Consistency: Not available
---
## Recommended Actions
Current Risk Assessment: Low risk (Score: 25)
Firewall/Security Recommendations:
- No specific firewall rules generated due to low threat classification
- Standard Microsoft Azure traffic should be permitted based on organizational policy
- Monitor for any changes in threat signal patterns
Monitoring Recommendations:
- Continue monitoring DNS blacklist status
- Track neighborhood activity in 74.249.192.0/24 subnet
- Alert on any emergence of new threat indicators
---
## Intelligence Notes
While the IP address operates within legitimate Microsoft Azure infrastructure, the presence of threat pulse signals and DNS blacklist associations warrants continued monitoring. The Microsoft cloud association provides a degree of legitimacy, but the blacklist activity and neighborhood threat sibling indicate this specific address may have been associated with malicious activity at some point. SOC analysts should evaluate this in the context of organizational threat tolerance and existing Microsoft cloud trust relationships.
No immediate blocking action recommended based on current risk profile.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 74.248.0.0/15 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | azpdcgnxviw2.stretchoid.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | azpdcgnxviw2.stretchoid.com |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 26% | 2 | 3 |
| Overall | 24% | 10 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-29 05:55:52 UTC |
| Last Seen | 2026-06-29 06:17:38 UTC |
| Profile Built | 2026-06-29 12:21:26 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 26 |