18.219.106.116

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 18.219.106.116/32

## Executive Summary

IP 18.219.106.116 is a moderate-risk endpoint associated with Amazon Web Services infrastructure. The IP resolves to an AWS EC2 instance in the US-East-2 (Ohio) region with no currently open services. While no active threat indicators are present, the IP carries two DNSBL listings and a risk score of 40, warranting monitoring but not immediate blocking without additional context.

## Ownership and Registration

Organization: Amazon Technologies Inc.
Network: AT-88-Z (18.32.0.0/11)
ASN: 16509
Location: Columbus, OH, US
DNS PTR: ec2-18-219-106-116.us-east-2.compute.amazonaws.com
Forward DNS: Confirmed to amazonaws.com

## Network Classification

Service Purpose: Firewalled / No Services
Open Ports: None detected
Infrastructure Type: Cloud (AWS EC2)
Risk Score: 40 (Moderate)
Provider Score: 0
Authority Score: 0

## Threat Assessment

Known Attacker: No
Spam Source: No
Tor Exit Node: No
Blacklist Count: 0
Known Campaigns: None
Abuse Confidence: Not assessed
Threat Persistence: Not observed (0 days)
DNSBL Listings: 2 of 8 total lists flagged

## Neighborhood Analysis

Subnet: 18.219.106.106/24
Abuse Density: 0 (Clean)
Total Siblings: 1
Active Siblings: 0
Threat Siblings: 0

## Historical Observations

Recent signal history (as of 2026-06-16) indicates:

No ownership changes
No persistent malicious activity
ICMP validation blocked (unable to validate)
Geovalidation plausible (6,580.9 km distance from origin)
No significant risk escalation trends

## Relationships

DNS Associations: Multiple records for ec2-18-219-106-116.us-east-2.compute.amazonaws.com
Network Associations: AT-88-Z subnet

## Recommended Actions

Due to the moderate risk score (40) and DNSBL presence, consider the following:

Firewall Rules:

```bash

# iptables

iptables -A INPUT -s 18.219.106.116 -j DROP

# nftables

nft add rule inet filter input ip saddr 18.219.106.116 drop

# pfSense

18.219.106.116/32

```

WAF Configuration:

Cloudflare WAF: Block with filter expression `ip.src eq 18.219.106.116`
AWS WAF: Add 18.219.106.116/32 to protected address set

Analysis Recommendation:

While no active threat indicators exist, the DNSBL listings and moderate risk score suggest potential historical abuse or reputation issues. Recommend:

1. Verify if this IP has been observed in prior incident investigations

2. Monitor for service activation (open ports, HTTP responses)

3. Correlate with any reported incidents involving similar AWS EC2 instances

4. Consider blocking if traffic patterns indicate reconnaissance or exploitation attempts

Priority: Medium

Classification: Cloud Infrastructure Endpoint with Moderate Risk Profile

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	OH
City	Columbus
Timezone	America/New_York
Latitude	39.96
Longitude	-83.00

🏢 Ownership & Registration

Organization	Amazon Technologies Inc.
ASN	AS16509
Network Name	AT-88-Z
CIDR Block	18.32.0.0/11
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ec2-18-219-106-116.us-east-2.compute.amazonaws.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ec2-18-219-106-116.us-east-2.compute.amazonaws.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Unknown
Service Purpose	Firewalled / No Services
Network Tier	Tier 3 — Basic operator with some routing infrastructure

No specific classification

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected
Closed Ports	22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	3
routing	17%	1	1
services	24%	2	2
ownership	35%	2	3
reputation	17%	1	2
geolocation	35%	2	3
Overall	27%	10	14

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-06-11 21:17:35 UTC
Last Seen	2026-06-21 19:12:06 UTC
Profile Built	2026-06-21 19:14:21 UTC
Data Freshness	Live
Signal Types	21
Total Observations	22

🔍 21 signal types · 22 observations collected

This report is generated from 21+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

18.219.106.116📋 Copy