# IP Intelligence Briefing: 18.222.91.240/32
Classification: Low Risk / Cloud Infrastructure
Date: June 2026
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP address 18.222.91.240 is a low-risk Amazon Web Services (AWS) EC2 instance located in Columbus, Ohio. The asset demonstrates stable cloud infrastructure characteristics with no active threat indicators. The IP carries a risk score of 25/100 and is classified as firewalled with no open services. One DNS blacklist listing was identified, representing a minor concern requiring monitoring.
## Ownership and Network Classification
- Organization: Amazon Technologies Inc.
- ASN: 16509 (AT-88-Z)
- CIDR Block: 18.32.0.0/11
- Infrastructure Type: Cloud Compute (AWS EC2)
- Geolocation: Columbus, Ohio, US (39.96°N, -83.0°W)
- BGP Prefix: 18.220.0.0/14
The IP resolves to hostname `ec2-18-222-91-240.us-east-2.compute.amazonaws.com`, confirming its identity as a standard AWS EC2 compute instance.
## Threat Assessment
- Risk Score: 25 (Low Risk)
- Abuse Confidence: Not applicable (cloud infrastructure)
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0 threat feeds; 1 DNSBL listing total
- Threat Persistence: 0 days (transient observation)
No active threat indicators detected. The IP does not appear in known malicious campaigns or threat feeds.
## Services and Network Role
- Open Ports: None detected
- TLS Certificate: None
- HTTP Title: None
- Service Status: Firewalled / No Services
- Network Classification: Cloud Compute, Hosting
The absence of open ports indicates the instance is properly configured with minimal service exposure, consistent with security best practices for cloud infrastructure.
## Observation History
Twenty-four observations were retrieved over the monitoring period. Key patterns include:
- Geolocation: Consistent Columbus, OH location with 56-85% confidence
- Network Classification: Stable AWS provider identification
- Operator Score: 0.4783 (Basic classification)
- Route Stability: Confirmed with 9,539 days of AS allocation history
- DNSSEC: Valid
The history demonstrates stable ownership and network characteristics with no significant changes in threat profile.
## Neighborhood Analysis
Subnet 18.222.91.0/24 analysis indicates:
- Abuse Density: 0 (clean)
- Total Siblings: 1
- Active Siblings: 1
- Threat Siblings: 1
- Classification: Mostly Clean
The neighborhood shows minimal abuse activity, with one threat sibling identified. This level of activity is normal for a large cloud provider subnet.
## Relationship Graph
Twenty-five relationships identified, comprising:
- Multiple "Same Network" associations to AT-88-Z network
- DNS associations to `ec2-18-222-91-240.us-east-2.compute.amazonaws.com`
No malicious relationships or certificate associations detected.
## Recommended Actions
Based on the low-risk profile and cloud infrastructure classification, standard monitoring is recommended:
1. Allow Standard Traffic: No blocking required; this is legitimate AWS infrastructure
2. Monitor DNSBL: Track the single DNS blacklist listing for changes
3. Log Connections: Maintain connection logs for audit purposes
4. No Firewall Rules Required: No iptables/nftables rules necessary
## Conclusion
IP 18.222.91.240 represents standard AWS cloud infrastructure with a low-risk profile. The asset exhibits normal cloud compute behavior with no malicious indicators. SOC teams should treat this as a benign IP requiring standard monitoring rather than active threat response. The single DNSBL listing warrants periodic review but does not constitute an immediate security concern.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS16509 |
| Network Name | AT-88-Z |
| CIDR Block | 18.32.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | ec2-18-222-91-240.us-east-2.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-18-222-91-240.us-east-2.compute.amazonaws.com |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 34% | 2 | 3 |
| services | 26% | 2 | 2 |
| ownership | 40% | 3 | 5 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 30% | 12 | 19 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-06-02 12:03:35 UTC |
| Last Seen | 2026-06-29 10:50:17 UTC |
| Profile Built | 2026-06-29 16:52:32 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 27 |