# IP INTELLIGENCE BRIEFING: 3.148.118.152/32
## EXECUTIVE SUMMARY
IP address 3.148.118.152 is classified as LOW RISK (Risk Score: 25) and operates within Amazon Web Services infrastructure. The endpoint hosts a public-facing web service with no active threat indicators. Defensive monitoring is recommended but no immediate blocking actions are warranted.
## INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **IP Address** | 3.148.118.152/32 |
| **Provider** | Amazon Web Services |
| **ASN** | 16509 |
| **Organization** | Amazon Technologies Inc. |
| **Location** | Columbus, Ohio, United States |
| **Infrastructure Type** | CloudCompute (EC2 Instance) |
| **CIDR Block** | 3.144.0.0/13 |
## NETWORK SERVICES
The endpoint exposes the following services:
- Port 80/TCP - HTTP (nginx/1.28.3 on Ubuntu)
- Port 443/TCP - HTTPS (TLS 1.3 capable)
- Port 22/TCP - SSH (OpenSSH_10.2p1 Ubuntu-2ubuntu3.2)

TLS Certificate Analysis: Let's Encrypt issued certificate covering vpn.mariaclubs.dev and vpnadmin.mariaclubs.dev. Certificate is properly configured and not self-signed.
## THREAT INDICATOR ASSESSMENT
- Threat Score: 25/100 (Low Risk)
- Abuse Confidence: Not applicable
- Known Attacker: No
- Tor Exit Node: No
- Spam Source: No
- Blacklist Count: 0
- DNSBL Listings: 1 of 8 lists (minor listing)
- Campaign Association: None detected

The IP shows no evidence of malicious activity, scanning, or abuse patterns.
## OBSERVATION HISTORY
Analysis of 25 historical observations indicates stable behavior:
- Consistent cloud infrastructure classification
- DNS resolution stable to AWS EC2 hostname
- Recent HTTP responses show 404 status codes (normal for static resources)
- DMARC policy configured (p=none)
- No ownership changes detected
## NEIGHBORHOOD ANALYSIS
Subnet 3.148.118.152/24 assessment:
- Abuse Density: 0 (Clean)
- Total Siblings: 1
- Threat Siblings: 0
- Classification: Mostly Clean

No neighboring IPs show malicious activity or abuse patterns.
## RELATIONSHIP MAPPING
Key associations identified:
- DNS: ec2-3-148-118-152.us-east-2.compute.amazonaws.com
- Network: AT-88-Z (Amazon infrastructure)
- No suspicious connections to known bad actors
## RECOMMENDED ACTIONS
Based on the low-risk profile and clean neighborhood data:
1. No blocking recommended - Traffic appears legitimate
2. Standard monitoring - Continue routine observability
3. No firewall rules required - No immediate threat detected
4. DNS inspection - Monitor for domain abuse on mariaclubs.dev subdomains if applicable
## CONCLUSION
IP 3.148.118.152 represents standard cloud hosting infrastructure with no active threat indicators. The endpoint operates within AWS's 3.x.x.x public IP range and hosts legitimate web services. SOC teams may permit traffic while maintaining standard logging and monitoring practices.

---
*Generated: Current Intelligence Cycle*
*Data Source: IPDebrief Intelligence Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Amazon Technologies Inc. |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | ec2-3-148-118-152.us-east-2.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-3-148-118-152.us-east-2.compute.amazonaws.com |
## DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 2/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
## Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | nginx/1.28.3 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_10.2p1 Ubuntu-2ubuntu3.2 |
## TLS Certificate
| Attribute | Value |
|---|---|
| SANs | vpn.mariaclubs.dev, vpnadmin.mariaclubs.dev |
| Valid From | 2026-05-06T03:48:35+00:00 |
| Valid Until | 2026-08-04T03:48:34+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 061D78FE4C31B1BFC2FB4AEC782B35526EE7 |
| Thumbprint | 9246029C816217D36C547C843BD43DD72DA587FC |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 22% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 26% | 2 | 3 |
| ownership | 17% | 2 | 3 |
| reputation | 24% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 16 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-12 21:55:08 UTC |
| Last Seen | 2026-06-27 22:04:57 UTC |
| Profile Built | 2026-06-28 16:09:46 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |