IPMediumSignal 0/100
3.137.136.201
Location
United StatesDublin, OH
ASN
AS16509
AWS EC2 (us-east-2)
First Seen
Mar 6, 2025
Last Seen
Jun 18, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Network Information
CountryUnited States
United StatesRegionDublin, OH
ASNAS16509
OrganizationAWS EC2 (us-east-2)
Feed Intelligence Summary
12 reports0% confidence
12
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched
Activity Timeline
Jun 18Jun 18
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
This IPv4 address, 3.137.136.201, has been explicitly whitelisted by multiple reputable threat intelligence services, including Blocklist.de-Firehol and CTU-AIPP-BlackList-4. With a calculated score of 0.0, this indicator is considered benign and poses no immediate threat to the organization. Its historical inclusion in various threat feeds appears to be due to automated scanning or initial flagging, which has since been remediated by its whitelisted status. Organizations can be reassured that t…
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
12
Reports
First seenMar 6, 2025
Last seenJun 18, 2026
GeolocationUS
CountryUnited States
LocationDublin, OH
ASNAS16509
OrgAWS EC2 (us-east-2)
Coords39.9625, -83.0061
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:ftp-brute, abuseipdb:hacking. 3.137.136.201 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).
- raw
- NetRange: 3.128.0.0 - 3.255.255.255 CIDR: 3.128.0.0/9 NetName: AT-88-Z NetHandle: NET-3-128-0-0-1 Parent: NET3 (NET-3-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2018-06-25 Updated: 2018-09-13 Ref: https://rdap.arin.net/registry/ip/3.128.0.0 OrgName: Amazon Technologies Inc. OrgId: AT-88-Z Address: 410 Terry Ave N. City: Seattle StateProv: WA PostalCode: 98109 Country: US RegDate: 2011-12-08 Updated: 2024-01-24 Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/AT-88-Z OrgTechHandle: ANO24-ARIN OrgTechName: Amazon EC2 Network Operations OrgTechPhone: +1-206-555-0000 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN OrgRoutingHandle: ARMP-ARIN OrgRoutingName: AWS RPKI Management POC OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN OrgNOCHandle: AANO1-ARIN OrgNOCName: Amazon AWS Network Operations OrgNOCPhone: +1-206-555-0000 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN OrgRoutingHandle: IPROU3-ARIN OrgRoutingName: IP Routing OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-555-0000 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
- references
- https://example.com
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 3 days ago
Appeared in 12 threat reports