52.91.108.12
IP Intelligence Briefing: 52.91.108.12/32
Date: 2026-06-14
---
**1. Core Profile**
- Risk Score: 25 (Low Risk)
- Ownership: Owned by Amazon Technologies Inc. (ASN: 16509)
- Geolocation: Ashburn, VA, US (39.04°N, -77.49°E)
- Network Role: AWS CloudCompute infrastructure (Hosting, CDN: No, Residential: No)
- Threat Indicators: No malicious activity detected (no blacklists, campaigns, or DNS abuse).
---
**2. Observed Activity**
- Recent Signals (Last 30 Days):
- June 14, 2026: RDP service (port 3389) detected via network scan.
- June 3, 2026: Traceroute failed due to ICMP blocking; geolocation validated as plausible.
- BGP Data:
- Prefix: `52.88.0.0/13` (AS14618 - Amazon.com, Inc.).
- Route stability: Stable (no recent changes).
---
**3. Relationships & Connections**
- DNS Associations:
- `ec2-52-91-108-12.compute-1.amazonaws.com` (AWS EC2 instance).
- Network Relationships:
- Linked to subnet `AT-88-Z` (AS14618).
- No external malicious relationships identified.
---
**4. Neighborhood Analysis**
- Subnet: `52.91.108.12/24`
- Abuse Density: 0% (no malicious neighbors detected).
- Active Siblings: 0 (no other IPs in the subnet reported).
---
**5. Recommendations**
1. Secure RDP Access:
- Verify if port 3389 (RDP) is required for legitimate use.
- Enforce multi-factor authentication (MFA) and restrict access to trusted networks.
2. Monitor for Anomalies:
- Track changes in network behavior or new service exposures.
- Validate DNS records and ensure AWS security groups/firewalls are configured correctly.
3. Geolocation Validation:
- ICMP blocking may obscure deeper analysis; consider alternative validation methods.
---
Conclusion:
The IP is part of AWS infrastructure with no direct threat indicators. However, the open RDP port poses a potential attack surface. SOC teams should focus on securing cloud resources and monitoring for unexpected changes. No immediate mitigation required, but ongoing surveillance is advised.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-52-91-108-12.compute-1.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-52-91-108-12.compute-1.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 45% | 1 | 6 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 27% | 10 | 21 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:27 UTC |
| Last Seen | 2026-06-27 07:44:01 UTC |
| Profile Built | 2026-06-28 01:49:34 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 32 |
Full dossier details are available via our API.