IP INTELLIGENCE BRIEFING
Target: 35.154.250.127/32
Date: Analysis completed
Classification: Low Risk - Cloud Infrastructure
EXECUTIVE SUMMARY
IP 35.154.250.127 is an Amazon Web Services EC2 instance deployed in the Mumbai region (ap-south-1) with an overall risk score of 25 (Low Risk). The IP hosts infrastructure for Conair Group and operates as a web server with standard cloud compute services. No active malicious campaigns or attacker indicators were detected.
OWNERSHIP & GEOLOCATION
- ASN: 16509 (Amazon.com, Inc.)
- Organization: Amazon Data Services India
- Network Block: 35.154.0.0/16
- Location: Mumbai, India (ap-south-1)
- Geographic Consensus: Mixed (2 sources, geoPlausible: false)
- Infrastructure Type: Cloud Compute (AWS EC2)
NETWORK SERVICES
- Open Ports: TCP/80 (HTTP), TCP/443 (HTTPS), TCP/22 (SSH)
- SSH Version: OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
- TLS Certificate: Issued to *.conairgroup.in / conairgroup.in (Conair Group, Pennsylvania, US)
- TLS Protocol: TLSv1.3 with cipher suite TLS_AES_256_GCM_SHA384
- DNS PTR: ec2-35-154-250-127.ap-south-1.compute.amazonaws.com
THREAT ASSESSMENT
- Risk Score: 25/100 (Low Risk)
- Abuse Confidence Score: Not applicable (cloud infrastructure)
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit: No
- Campaign Likelihood: None detected
- Threat Persistence: 0 days
- DNSBL Listings: 1 of 8 total lists (basic operator level)
OBSERVATION HISTORY (22 signals)
Recent activity observed on 2026-06-20 included:
- Connection failures on HTTPS endpoints
- DNS resolution for conairgroup.in with SPF records configured
- TLS certificate validation for Conair Group domain
- ASN verification (16509) and geographic attribution to US/India
- Port scanning activity detected (ports 80, 443, 22)
RELATIONSHIPS & NETWORK CONTEXT
- DNS Associations: ec2-35-154-250-127.ap-south-1.compute.amazonaws.com (3 occurrences)
- Network Peering: AMAZON-BOM (Bangalore/Mumbai region)
- Total Relationships: 57 entities (hostnames, networks, DNS records)
- Subnet Classification: Mostly clean (35.154.250.0/24)
- Abuse Density: 1 (minimal)
- Threat Siblings: 1 detected in subnet
SOC ACTIONS & RECOMMENDATIONS
Based on the risk profile, the following actions are recommended:
1. Monitoring: Continue standard logging for this IP. No immediate blocking required due to low-risk classification.
2. SSH Access: Standard SSH port (22) is open. Verify that access is restricted to authorized IP ranges. Implement fail2ban if SSH access is not required.
3. TLS Inspection: Certificate validation shows valid Conair Group certificate. Verify that certificate usage aligns with business requirements.
4. DNSBL Review: Single DNSBL listing detected. Investigate the specific list and determine if the IP has been incorrectly flagged.
5. Traffic Baseline: Establish normal traffic patterns for this EC2 instance to detect anomalies.
CONCLUSION
IP 35.154.250.127 is a legitimate Amazon Web Services cloud compute instance supporting Conair Group web services. The IP shows no evidence of malicious activity, campaign participation, or abuse. Standard cloud security monitoring practices are sufficient. No immediate remediation or blocking actions are required.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Data Services India |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ec2-35-154-250-127.ap-south-1.compute.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-35-154-250-127.ap-south-1.compute.amazonaws.com |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | awselb/2.0 |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4 |
TLS Certificate
CN=*.conairgroup.in, O=Conair Group, S=Pennsylvania, C=US was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | *.conairgroup.in, conairgroup.in |
| Valid From | 2025-01-22T00:00:00+00:00 |
| Valid Until | 2026-01-20T23:59:59+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384RSA |
| Validity Period | 363 days |
| Serial Number | 00C54A5290402F3B256CF57E127AD6F9CB |
| Thumbprint | 428957DF55F003A43F9EE18975878739D227CEF4 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 26% | 10 | 16 |
| Data Coherence | Mixed Signals (68%) - 2 contradiction(s) |
| Attribution | Moderate (55%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
TLS certificate claims US but primary geo says IN
Observation Timeline (Live)
| First Seen | 2026-05-20 22:13:08 UTC |
| Last Seen | 2026-06-28 12:43:19 UTC |
| Profile Built | 2026-06-29 06:48:29 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |