IP INTELLIGENCE BRIEFING: 3.86.228.228/32
Classification: Low Risk - AWS Infrastructure Instance
Date: Current Analysis
Analyst: IPDebrief Intelligence Team
---
EXECUTIVE SUMMARY
Target IP 3.86.228.228 is a legitimate Amazon Web Services (AWS) infrastructure instance located in Ashburn, Virginia. The asset presents a low-risk profile (risk score: 25/100) with no active threat indicators, open services, or malicious activity detected. The IP belongs to AWS's Northern Virginia region (AMAZON-IAD) and operates within the 3.80.0.0/12 CIDR block.
---
OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **Organization** | Amazon Data Services Northern Virginia |
| **ASN** | 14618 |
| **Network** | AMAZON-IAD (3.80.0.0/12) |
| **Location** | Ashburn, VA, United States |
| **Coordinates** | 39.05°N, -77.49°W |
| **RIR** | ARIN |
| **Registration** | Commercial AWS Infrastructure |
---
THREAT ASSESSMENT
Risk Score: 25 (Low)
Abuse Confidence: None
Blacklist Status: 1 DNSBL listing (non-blocking)
Known Campaigns: None
Threat Indicators:
- Not a Tor exit node
- Not a known attacker
- Not a spam source
- No active threat feed matches
- No correlation to known malware campaigns
Network Classification:
- Provider: Amazon Web Services
- Infrastructure: Cloud-hosted EC2 instance
- Service Status: Firewalled / No services exposed
- No open ports detected
---
OBSERVATION HISTORY
Total Observations: 19
Latest Signal: 2026-06-21
Historical Trend: Consistent low-risk profile with no escalation patterns observed.
Temporal Indicators:
- Ownership changes: 0
- Threat observation count: 0
- Persistence days: 0 (not persistently malicious)
- Subnet abuse density: 0 (clean classification)
- Route stability: Unstable (AWS dynamic routing typical)
---
RELATIONSHIP MAPPING
DNS Associations:
- ec2-3-86-228-228.compute-1.amazonaws.com (confirmed PTR record)
Network Relationships:
- AMAZON-IAD network (same network prefix)
No external threat correlations identified.
---
NEIGHBORHOOD ANALYSIS (3.86.228.0/24)
| Metric | Value |
|---|---|
| **Subnet Abuse Density** | 0% |
| **High-Risk Neighbors** | 0 |
| **Medium-Risk Neighbors** | 0 |
| **Low-Risk Neighbors** | 0 |
| **Classification** | Clean |
Conclusion: The /24 subnet shows no abuse activity or malicious neighbors. This is consistent with AWS infrastructure hosting patterns.
---
OPERATIONAL INTELLIGENCE
DNS Resolution:
- PTR: ec2-3-86-228-228.compute-1.amazonaws.com
- Forward confirmation: Valid
- DNSSEC: Valid
Email Reputation:
- SPF: Configured
- DMARC: Configured
- Domain: amazonaws.com
Control Plane:
- BGP prefix: 3.80.0.0/12
- Origin ASN: 14618
- Route changes (30d): 0
- RPKI state: Not evaluated
- DNSBL listed: 1 of 8 total lists
---
RECOMMENDED ACTIONS
Classification: No Action Required - Legitimate Infrastructure
| System | Recommended Action |
|---|---|
| **Firewall** | Allow (no blocking required) |
| **WAF** | No rules needed |
| **SIEM** | No correlation rules required |
| **Threat Intel** | No enrichment needed |
Rationale: This is a standard AWS EC2 instance with no malicious indicators. The IP is part of AWS's legitimate cloud infrastructure and presents no threat to defensive operations.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Amazon Data Services Northern Virginia |
| ASN | AS14618 |
| Network Name | AMAZON-IAD |
| CIDR Block | 3.80.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | ec2-3-86-228-228.compute-1.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-3-86-228-228.compute-1.amazonaws.com |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 17% | 1 | 1 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 24% | 2 | 2 |
| Overall | 22% | 9 | 11 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid | |
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-06-12 03:19:26 UTC |
| Last Seen | 2026-06-21 19:28:41 UTC |
| Profile Built | 2026-06-21 19:37:47 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 22 |