# IP Intelligence Briefing: 54.216.0.111/32
Classification: Low Risk โ Legitimate Cloud Infrastructure
Risk Score: 25/100
Date of Analysis: 2026-06-21
---
## Executive Summary
IP 54.216.0.111 is a low-risk, legitimate Amazon Web Services (AWS) cloud instance hosted in Dublin, Ireland (eu-west-1). The address exhibits no active threat indicators, is not associated with known malicious campaigns, and shows clean neighborhood metrics. No security actions are currently recommended based on the risk profile.
---
## Ownership and Network Profile
- ASN: 16509 (Amazon.com, Inc.)
- Organization: AMAZO-ZDUB3
- CIDR Block: 54.216.0.0/15
- Infrastructure Type: CloudCompute (AWS EC2)
- Network Role: Cloud Hosting Provider
- Service Purpose: Firewalled / No Services Detected
The IP resolves to hostname `ec2-54-216-0-111.eu-west-1.compute.amazonaws.com`, confirming AWS EC2 instance identity. DNS validation is complete with forward resolution confirmed and SPF/DMARC records present.
---
## Geolocation Intelligence
- Country: Ireland (IE)
- City: Dublin
- Region: D
- Coordinates: 53.35°N, 6.26°W
- Timezone: Europe/Dublin
- Geographic Accuracy: 150km radius
- Geo Consensus: True (multi-source validation)
Note: One geo-plausibility flag was false, but multi-signal inference confirms Dublin location with 56% confidence.
---
## Threat Assessment
Threat Indicators: None detected
- Is Known Attacker: False
- Is Tor Exit Node: False
- Is Spam Source: False
- Blacklist Count: 0
- Known Campaigns: None
- Abuse Confidence Score: Not applicable (legitimate infrastructure)
Control Plane Metrics:
- DNSSEC Valid: True
- Operator Score: 0.2609 (Basic)
- DNSBL Listed: 1 of 8 lists (likely false positive for cloud IP)
- Route Stability: False (normal for cloud environments)
---
## Historical Analysis
Observation Count: 22 historical signals
- Most Recent: 2026-06-21
- Threat Persistence Days: 0
- Ownership Changes: 0
- Is Persistently Malicious: False
History indicates consistent, benign behavior with no escalation patterns. Signals confirm stable AWS infrastructure deployment with no malicious signal transitions.
---
## Neighborhood Context
- Subnet: 54.216.0.111/24
- Abuse Density: 0 (clean)
- Threat Siblings: 0
- Active Siblings: 1
- Classification: Clean
No neighboring IPs show elevated risk. The subnet demonstrates normal cloud infrastructure patterns.
---
## Relationship Graph
Detected Relationships: 42 total
- Primary Associations: Same Network (AMAZO-ZDUB3), DNS Resolution (AWS hostname)
- Correlated IPs: 0
- Certificate Matches: 0
Relationships confirm legitimate cloud infrastructure network associations with no suspicious entity links.
---
## Recommended Actions
Current Recommendation: No Action Required
- Risk score of 25 falls within normal operational parameters for cloud infrastructure
- No firewall rules or blocking recommended
- Monitor as-is for baseline behavior
Monitoring Guidance:
- Standard traffic monitoring applicable
- No special alerting required
- Consider whitelisting for legitimate AWS traffic patterns if previously observed
---
## Analyst Notes
This IP represents standard AWS cloud compute infrastructure. The low risk score, clean threat indicators, and absence of malicious associations support treating this as legitimate traffic. No investigation or blocking recommended unless specific malicious activity is observed at the application layer.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Amazon.com, Inc. |
| ASN | AS16509 |
| Network Name | AMAZO-ZDUB3 |
| CIDR Block | 54.216.0.0/15 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | ec2-54-216-0-111.eu-west-1.compute.amazonaws.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | ec2-54-216-0-111.eu-west-1.compute.amazonaws.com |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 โ Basic operator with some routing infrastructure |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 19% | 1 | 2 |
| services | 19% | 2 | 2 |
| ownership | 27% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 19% | 2 | 2 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-06-04 18:52:21 UTC |
| Last Seen | 2026-06-29 14:04:26 UTC |
| Profile Built | 2026-06-29 14:27:05 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 30 |
Full dossier details are available via our API.