IPDebrief

108.129.147.25

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# INTELLIGENCE BRIEFING: IP 108.129.147.25/32

Classification: LOW RISK

Date: Current

Analysis ID: IP-108.129.147.25-001

---

## EXECUTIVE SUMMARY

Intellect analysis of IP address 108.129.147.25/32 classifies the address as LOW RISK with an overall risk score of 25. The IP is an AWS EC2 instance deployed in Dublin, Ireland (eu-west-1 region), operating as a Splunk infrastructure endpoint. No active threat indicators or malicious activity patterns were detected during this assessment.

---

## OWNERSHIP & INFRASTRUCTURE

| Attribute | Value |
|---|---|
| **ASN** | 16509 (Amazon.com, Inc.) |
| **Organization** | Amazon Data Services Ireland Limited |
| **Network** | AMAZON-DUB |
| **Location** | Dublin, Ireland (53.35°N, -6.26°W) |
| **CIDR Block** | 108.128.0.0/13 (BGP Prefix) |
| **RIR** | ARIN |
| **Infrastructure Type** | CloudCompute |

The IP is hosted on Amazon Web Services infrastructure, specifically within the Ireland EU-West-1 region. The address is properly registered and maintains route stability with no recent route changes observed.

---

## NETWORK SERVICES & FINGERPRINTING

| Service | Port | Protocol | Details |
|---|---|---|---|
| HTTPS | 443 | TCP | Web service endpoint |
| SSH | 22 | TCP | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |

DNS Resolution:

TLS Certificate:

Server Fingerprint: Splunkd (HTTP 303 response)

---

## THREAT INTELLIGENCE

| Indicator | Status |
|---|---|
| Known Attacker | No |
| Spam Source | No |
| Tor Exit Node | No |
| Blacklist Count | 0 |
| Abused Confidence Score | Not applicable |
| Known Campaigns | None |
| DNSBL Listed | 1 (of 8 total lists) |
| Threat Persistence | 0 days |

Threat Observation Count: 1 (historical, non-persistent)

No active threat indicators were identified during this assessment. The IP is not associated with known malicious campaigns or threat actor infrastructure.

---

## NEIGHBORHOOD ANALYSIS

Subnet: 108.129.147.25/24

| Metric | Value |
|---|---|
| Abuse Density | 0 (Low) |
| Classification | Mostly Clean |
| Total Siblings | 1 |
| Active Siblings | 0 |
| Threat Siblings | 1 |
| Inherited Risk | 2 |

The surrounding /24 subnet demonstrates minimal abuse activity. One threat sibling IP was observed in historical data, but no active threats were detected in the immediate neighborhood.

---

## OBSERVATION HISTORY

Total Observations: 27 signals collected over monitoring period

Recent Activity:

The IP's temporal profile shows consistent low-risk characteristics throughout the observation window. No escalating threat patterns were identified.

---

## RELATIONSHIP MAPPING

Total Relationships: 38

Key Associations:

No suspicious external relationships were identified. The IP maintains typical AWS infrastructure relationship patterns.

---

## RECOMMENDED ACTIONS

Firewall/Security Recommendations:

SOC Analyst Notes:

---

## CONCLUSION

IP address 108.129.147.25/32 is a legitimate AWS EC2 instance deployed in Dublin, Ireland, operating as part of Splunk educational infrastructure. The address demonstrates low-risk characteristics with no active threat indicators. No defensive action is required at this time.

Status: MONITOR (LOW RISK)

Priority: LOW


## Geolocation

| Attribute | Value |
|---|---|
| Country | Ireland |
| Region | D |
| City | Dublin |
| Timezone | Europe/Dublin |
| Latitude | 53.35 |
| Longitude | -6.26 |

## Ownership & Registration

| Attribute | Value |
|---|---|
| Organization | Amazon Data Services Ireland Limited |
| ASN | AS16509 |
| Network Name | — |
| CIDR Block | 108.128.0.0/13 |
| RIR | ARIN |
| Country | — |
| Abuse Contact | Available via RDAP |

## DNS Intelligence

| Attribute | Value |
|---|---|
| PTR | ec2-108-129-147-25.eu-west-1.compute.amazonaws.com |
| Forward Confirmed | Yes — FCrDNS verified |
| Forward Hostnames | ec2-108-129-147-25.eu-west-1.compute.amazonaws.com |

## DNS Hygiene

| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |

## Network Classification

| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting — Infrastructure provider without advanced routing |
| Cloud | Hosting |

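## Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | — |
| 22 | ssh | tcp | |

| Attribute | Value |
|---|---|
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Splunkd |
| HTTP Title | — |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |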

## TLS Certificate

CN=*.students.splunk.education

Issued by CN=R13, O=Let's Encrypt, C=US

Self-signed: No

| Attribute | Value |
|---|---|
| SANs | *.students.splunk.education |
| Valid From | 2026-04-13T23:22:38+00:00 |
| Valid Until | 2026-07-12T23:22:37+00:00 |
| TLS Protocol | Tls12 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05A9315DAC547E0906584DD67282E8BAAE59 |
| Thumbprint | 0919B45E6B9ACC1CE057466F165AE7D6A1690727 |

## Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 27% | 3 | 4 |
| reputation | 32% | 1 | 3 |
| geolocation | 26% | 2 | 2 |
| Overall | 29% | 12 | 19 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership · FCrDNS · Geo Consensus · Geo Plausible · IRR Match · RPKI Valid

## Observation Timeline (Live)

| Attribute | Value |
|---|---|
| First Seen | 2026-05-23 18:28:01 UTC |
| Last Seen | 2026-06-28 22:12:13 UTC |
| Profile Built | 2026-06-29 04:14:36 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 28 |

26 signal types · 28 observations collected

This report is generated from 26+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.

## About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.