## IP Intelligence Briefing: 35.90.87.249
Classification: LOW RISK - AWS Cloud Infrastructure
Report Date: Current
Risk Score: 25/100
---
Executive Summary
IP address 35.90.87.249 belongs to Amazon Web Services (AWS) cloud infrastructure and presents a low-risk threat profile. The address resolves to an Amazon EC2 instance in the US West (Oregon) region with no active threat indicators or malicious behavior observed.
---
Infrastructure Profile
The IP address is classified as cloud infrastructure operating within the Amazon Web Services network (ASN 16509, Organization: Amazon.com, Inc.). The CIDR block 35.80.0.0/12 indicates this is part of a larger AWS infrastructure deployment. Geolocation data consistently places the address in Portland, Oregon, with coordinates 45.59, -122.6.
Key Attributes:
- DNS Hostname: ec2-35-90-87-249.us-west-2.compute.amazonaws.com
- Infrastructure Type: CloudCompute
- Connection Type: Firewall (no services exposed)
- Network Classification: Provider/Hosting
- Reputation: Low Risk
---
Threat Analysis
Threat indicators returned empty with zero blacklist entries. The IP is not flagged as a Tor exit node, known attacker, or spam source. Abuse confidence score is unavailable, and no known campaigns correlate with this address.
Control Plane Data:
- RPKI State: Not validated
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2609 (Basic classification)
- Route Stability: False
---
Historical Observation
Analysis of 21 historical observations reveals consistent infrastructure classification. Recent signals (June 2026) confirm AWS cloud infrastructure status with 85-90% confidence. Historical pulses detected on June 20, 2026, included three threat-related pulse names, though no specific campaigns were identified.
Geographic consistency was maintained throughout the observation period, with multi-signal inference consistently placing the IP in the Portland, OR region. Operator scoring remained stable at 0.2609.
---
Network Relationships
The IP maintains 32 documented relationships, predominantly DNS associations to the same EC2 hostname. Network-level associations link to the AMAZON-ZPDX subnet. No external organization or certificate relationships detected beyond AWS infrastructure.
---
Neighborhood Assessment
The /24 subnet (35.90.87.0/24) shows abuse density of 0 with classification "mostly_clean." No active sibling neighbors detected. Historically, 1 threat sibling has been observed in the neighborhood.
---
Recommended Security Actions
Risk assessment of 25/100 indicates minimal threat. No specific firewall rules or blocking actions recommended. Standard monitoring of AWS cloud infrastructure traffic is appropriate.
Recommended Actions:
- Monitor for any changes in risk profile
- Standard cloud traffic inspection
- No immediate blocking or rate-limiting required
---
Conclusion
IP 35.90.87.249 represents legitimate AWS cloud infrastructure with no current threat indicators. The low-risk classification and consistent infrastructure classification support continued monitoring without restrictive measures. SOC teams should treat traffic from this address as benign unless additional signals indicate otherwise.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon.com, Inc. |
| ASN | AS16509 |
| Network Name | AMAZON-ZPDX |
| CIDR Block | 35.80.0.0/12 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ec2-35-90-87-249.us-west-2.compute.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-35-90-87-249.us-west-2.compute.amazonaws.com |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.0 |
TLS Certificate
CN=campaign.network was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | campaign.network, www.campaign.network |
| Valid From | 2026-03-14T09:37:35+00:00 |
| Valid Until | 2026-06-12T09:37:34+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 053A37B1CF9549824615ECCD4663CFF8A88E |
| Thumbprint | E5095696993FD588191C70050AE7C4B0CE61B6CE |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 37% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 37% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 34% | 2 | 3 |
| Overall | 29% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline
| First Seen | 2026-05-25 12:42:33 UTC |
| Last Seen | 2026-06-29 01:42:39 UTC |
| Profile Built | 2026-06-29 07:45:06 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 27 |