# IP Intelligence Briefing: 3.252.131.227/32
Classification: LOW RISK | Last Updated: 2026-06-18
---
## Executive Summary
The IP address 3.252.131.227 is a low-risk AWS EC2 instance hosted in Dublin, Ireland (eu-west-1 region). No active threat indicators, malware campaigns, or abuse patterns were identified. The IP operates as a firewalled cloud compute resource with no exposed services.
---
## Threat Profile
| Attribute | Value |
|---|---|
| **Risk Score** | 25 / 100 (Low) |
| **Reputation** | Low Risk |
| **ASN** | 16509 (Amazon.com, Inc.) |
| **Organization** | Amazon Data Services Ireland Limited |
| **Geolocation** | Dublin, Ireland (53.35°N, 6.26°W) |
| **Infrastructure Type** | CloudCompute (AWS EC2) |
| **Blacklist Status** | 1 of 8 DNS blocklists |
---
## Network & Infrastructure Analysis
Ownership: The IP belongs to Amazon Data Services Ireland Limited under ASN 16509. The BGP prefix 3.192.0.0/10 indicates stable AWS infrastructure routing.
DNS Resolution: Forward resolution confirms `ec2-3-252-131-227.eu-west-1.compute.amazonaws.com`. PTR record matches forward resolution (forward confirmed).
Service Exposure: No open ports detected. The profile indicates "Firewalled / No Services" with no TLS certificates, HTTP banners, or active services.
Neighborhood Assessment: The /24 subnet (3.252.131.0/24) shows 0 abuse density with clean classification. No threat siblings detected in the immediate neighborhood.
---
## Historical Intelligence
Observation History: 25 signal observations recorded from 2026-06-14 through 2026-06-18.
Temporal Analysis:
- No ownership changes detected
- 0 threat persistence days
- 0 threat observation count
- Not flagged as persistently malicious
Signal Evolution: Historical data shows consistent AWS infrastructure classification with stable geolocation (Dublin, IE) and routing attributes. No significant risk escalation observed.
---
## Relationship Graph Analysis
Total Relationships: 46 links identified
- Network Associations: Multiple links to AMAZON-DUB network
- DNS Associations: Hostname `ec2-3-252-131-227.eu-west-1.compute.amazonaws.com`
- Campaign Correlations: 0 correlated IPs, 0 certificate matches
Risk Implications: Relationships are consistent with legitimate AWS cloud infrastructure. No malicious peer associations detected.
---
## Recommended Security Actions
Current Risk Level: LOW (Score: 25)
Recommended Actions: None. No firewall rules, blocking recommendations, or mitigation actions are warranted based on current risk profile.
Suggested Monitoring: Standard monitoring for AWS cloud compute resources. No special threat hunting required.
---
## Intelligence Conclusion
IP 3.252.131.227 represents a legitimate AWS EC2 instance with no threat indicators. The low risk score (25), clean subnet neighborhood, absence of active services, and stable historical profile indicate this is not a threat source. SOC analysts may treat this as a benign IP address requiring only standard monitoring.
Priority: LOW | Action: None required
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Amazon Data Services Ireland Limited |
| ASN | AS16509 |
| Network Name | โ |
| CIDR Block | โ |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | ec2-3-252-131-227.eu-west-1.compute.amazonaws.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | ec2-3-252-131-227.eu-west-1.compute.amazonaws.com |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 3 |
| routing | 41% | 1 | 5 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 18% | 1 | 2 |
| geolocation | 33% | 2 | 3 |
| Overall | 28% | 10 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-07 23:04:15 UTC |
| Last Seen | 2026-06-27 04:17:29 UTC |
| Profile Built | 2026-06-27 22:23:35 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 33 |
Full dossier details are available via our API.