## IP Intelligence Briefing: 3.235.91.146
Classification: AWS EC2 Host - Low Risk Profile
Date: 2026-06-15
Prepared For: SOC Operations
---
EXECUTIVE SUMMARY
Target IP 3.235.91.146 is identified as an Amazon Web Services (AWS) EC2 compute instance in the Northern Virginia region. The IP maintains a low-risk reputation score of 25/100. Infrastructure analysis confirms operation as a Druva Inc. web service host with valid SSL/TLS certificates. No persistent malicious activity detected across observation history.
---
OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| ASN | 14618 |
| Organization | Amazon Data Services Northern Virginia |
| CIDR Block | 3.235.91.0/24 |
| Region | Ashburn, Virginia, US |
| Infrastructure Type | CloudCompute |
| Service Purpose | Web Server |
DNS Resolution:
- PTR Hostname: ec2-3-235-91-146.compute-1.amazonaws.com
- Forward Resolution: Confirmed
- Hosted Domain: amazonaws.com
TLS/SSL Certificate:
- Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
- Subject: *.druva.com, druva.com
- Validation: Not self-signed, valid certificate chain
---
THREAT INDICATORS
Risk Profile:
- Overall Risk Score: 25 (Low Risk)
- Abuse Confidence Score: Not applicable
- Blacklist Count: 1 (of 8 total DNSBL lists)
- Known Campaigns: None
- Is Tor Exit Node: No
- Is Known Attacker: No
Control Plane:
- BGP Prefix: 3.224.0.0/12
- Route Stability: Stable (0 changes in 30 days)
- RPKI State: Not validated
- DNSSEC Valid: Yes
- Operator Score: 0.2609 (Basic)
Threat Indicators:
- No active threat indicators present
- No known attacker signatures
- No spam source classification
- No Tor network association
---
NEIGHBORHOOD ANALYSIS
Subnet: 3.235.91.146/24
- Abuse Density: 0-1 (Minimal)
- Classification: Mostly Clean
- Active Siblings: 1
- Threat Siblings: 1
- Sibling Risk: Inherited risk score of 2
The /24 subnet maintains minimal abuse density with only one active sibling IP identified. Threat sibling presence suggests isolated incident rather than coordinated activity.
---
OBSERVATION HISTORY
Total Observations: 22 signals
Recent Activity: June 15, 2026
Key Observations:
1. DNS Configuration: SPF and DMARC records active for druva.com domain
2. Connection Status: Recent connection failures observed (2026-06-15 10:35:31 UTC)
3. Ownership Stability: No ownership changes recorded
4. Threat Persistence: No persistent malicious behavior detected
5. Signal Confidence: Variable confidence levels (0.28-0.85) across observations
---
RELATIONSHIP MAPPING
41 Relationships Identified:
- DNS Associations: Multiple EC2 hostname references
- Network Associations: AMAZON-IAD regional network
- Service Endpoints: druva.com services
---
RECOMMENDED ACTIONS
Firewall/Security Rules:
- Allow HTTPS (443) traffic as expected for web server function
- No blocking recommended based on current risk profile
- Monitor for anomalous outbound connections
SOC Monitoring Priorities:
- Watch for DNSBL listing changes
- Monitor connection failure patterns
- Track sibling IP 3.235.91.x for any activity escalation
Threat Intelligence:
- No immediate threat mitigation required
- IP maintains standard AWS infrastructure characteristics
- No indicators of compromise (IOC) present
---
CONCLUSION
IP 3.235.91.146 represents a legitimate AWS EC2 instance hosting Druva Inc. web services. The low-risk profile, clean subnet neighborhood, and absence of persistent threat indicators support continued normal operation. SOC teams may classify as benign infrastructure requiring standard monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Data Services Northern Virginia |
| ASN | AS14618 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ec2-3-235-91-146.compute-1.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-3-235-91-146.compute-1.amazonaws.com |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 2/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | - |

| Closed Ports | 22, 25, 80, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | *.druva.com, druva.com |
| Valid From | 2026-03-23T00:00:00+00:00 |
| Valid Until | 2026-10-07T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 198 days |
| Serial Number | 02634FFF14E02705564C2DDEFBF01527 |
| Thumbprint | 69EB6A159A9C0A7EF3E1BD37F8B61CF6DA76D129 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 25% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-20 22:13:05 UTC |
| Last Seen | 2026-06-28 12:40:16 UTC |
| Profile Built | 2026-06-29 06:44:58 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 28 |