# IP Intelligence Briefing: 18.219.106.116/32
## Executive Summary
IP 18.219.106.116 is a moderate-risk endpoint associated with Amazon Web Services infrastructure. The IP resolves to an AWS EC2 instance in the US-East-2 (Ohio) region with no currently open services. While no active threat indicators are present, the IP carries two DNSBL listings and a risk score of 40, warranting monitoring but not immediate blocking without additional context.
## Ownership and Registration
- Organization: Amazon Technologies Inc.
- Network: AT-88-Z (18.32.0.0/11)
- ASN: 16509
- Location: Columbus, OH, US
- DNS PTR: ec2-18-219-106-116.us-east-2.compute.amazonaws.com
- Forward DNS: Confirmed to amazonaws.com
## Network Classification
- Service Purpose: Firewalled / No Services
- Open Ports: None detected
- Infrastructure Type: Cloud (AWS EC2)
- Risk Score: 40 (Moderate)
- Provider Score: 0
- Authority Score: 0
## Threat Assessment
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- Known Campaigns: None
- Abuse Confidence: Not assessed
- Threat Persistence: Not observed (0 days)
- DNSBL Listings: 2 of 8 total lists flagged
## Neighborhood Analysis
- Subnet: 18.219.106.106/24
- Abuse Density: 0 (Clean)
- Total Siblings: 1
- Active Siblings: 0
- Threat Siblings: 0
## Historical Observations
Recent signal history (as of 2026-06-16) indicates:
- No ownership changes
- No persistent malicious activity
- ICMP validation blocked (unable to validate)
- Geovalidation plausible (6,580.9 km distance from origin)
- No significant risk escalation trends
## Relationships
- DNS Associations: Multiple records for ec2-18-219-106-116.us-east-2.compute.amazonaws.com
- Network Associations: AT-88-Z subnet
## Recommended Actions
Due to the moderate risk score (40) and DNSBL presence, consider the following:
Firewall Rules:
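```bash
# iptables: append a DROP rule for this source address
iptables -A INPUT -s 18.219.106.116 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 18.219.106.116 drop
# pfSense: not a shell command; enter this address as the source of a block rule
# 18.219.106.116/32
```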
WAF Configuration:
- Cloudflare WAF: Block with filter expression `ip.src eq 18.219.106.116`
- AWS WAF: Add 18.219.106.116/32 to an IP set referenced by a blocking rule
Analysis Recommendation:
While no active threat indicators exist, the DNSBL listings and moderate risk score suggest potential historical abuse or reputation issues. Recommend:
1. Verify if this IP has been observed in prior incident investigations
2. Monitor for service activation (open ports, HTTP responses)
3. Correlate with any reported incidents involving similar AWS EC2 instances
4. Consider blocking if traffic patterns indicate reconnaissance or exploitation attempts
Priority: Medium
Classification: Cloud Infrastructure Endpoint with Moderate Risk Profile
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS16509 |
| Network Name | AT-88-Z |
| CIDR Block | 18.32.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | ec2-18-219-106-116.us-east-2.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-18-219-106-116.us-east-2.compute.amazonaws.com |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 24% | 2 | 2 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 27% | 10 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-06-11 21:17:35 UTC |
| Last Seen | 2026-06-21 19:12:06 UTC |
| Profile Built | 2026-06-21 19:14:21 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |