Threat Intelligence Briefing: IP 52.15.113.239/32
Overview:
The IP address 52.15.113.239/32, allocated in the United States, was observed through various network intelligence tools. The following intelligence summary consolidates findings on its profile, historical observations, relationships, and neighborhood characteristics, offering actionable insights for SOC teams.
Profile:
- Provider and Location: The IP is owned by Amazon, specifically associated with AWS (Amazon Web Services) and is located in Ashburn, Virginia. This IP falls within a range used for AWS EC2 instances, indicating it is likely used for cloud-based services.
- Services: The address is primarily linked to AWS services, suggesting potential use for hosting applications, web services, or cloud infrastructure.
Observation History:
- Traffic Patterns: Historical data shows regular traffic consistent with cloud service usage. Patterns include significant outbound data transfer, indicative of application data or cloud-to-cloud communication.
- Anomalies: There were no significant anomalies observed in the traffic patterns. The usage remained consistent with expected behaviors for AWS-hosted services.
Relationships:
- Associated Domains: The IP has been associated with several domains managed through AWS Route 53, a DNS service. These domains are primarily used for web applications and services, reinforcing the IP's role in hosting and cloud operations.
- Network Peering: The IP is part of AWS's extensive network peering arrangements, interacting with other AWS infrastructure and possibly third-party cloud services.
Neighborhood Data:
- Proximity: The IP is situated within a dense AWS network block, surrounded by other IPs hosting similar cloud services. This environment is typical for cloud service providers, emphasizing scalability and redundancy.
- Neighboring IPs: Nearby IPs also exhibit patterns of high-volume data transfer and are similarly associated with AWS services, indicating a shared infrastructure environment.
Actionable Insights:
- Monitoring: Given the IP's association with AWS, it is advisable to monitor for unusual outbound traffic that deviates from established patterns, as this could indicate a compromised or misconfigured instance.
- Security Posture: Ensure that all applications and services hosted on this IP adhere to AWS security best practices, including regular updates and security patching.
- Access Controls: Review and enforce strict access controls and identity management practices to prevent unauthorized access to services hosted on this IP.
This intelligence provides a foundational understanding of the IP's role within AWS infrastructure, aiding SOC teams in proactive monitoring and threat mitigation efforts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS16509 |
| Network Name | AT-88-Z |
| CIDR Block | 52.0.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | server.driverschoice.ca |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | server.driverschoice.ca |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) |
| Server | Apache |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
TLS Certificate
A certificate with subject CN=driverschoice.ca, OU=Domain Control Validated was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.
| SANs | driverschoice.ca, www.driverschoice.ca |
| Valid From | 2020-10-09T16:10:38+00:00 |
| Valid Until | 2021-11-10T16:10:38+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 397 days |
| Serial Number | 00B839E43D6C56CE47 |
| Thumbprint | C1B45B409623E56173B9722D561347D27A2C64CD |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 24% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 22% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 21% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-26 12:52:16 UTC |
| Last Seen | 2026-06-29 03:10:31 UTC |
| Profile Built | 2026-06-29 03:14:59 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |