18.203.84.147📋 Copy

# INTELLIGENCE BRIEFING: 18.203.84.147

Classification: AWS Cloud Compute Infrastructure | Date: June 2026 | Risk Level: LOW

---

## EXECUTIVE SUMMARY

IP address 18.203.84.147 is a cloud infrastructure endpoint belonging to Amazon Web Services (AWS) Ireland datacenter (eu-west-1). The IP exhibits a low-risk profile with no active threat indicators, zero blacklist entries, and minimal neighborhood abuse density. The asset is classified as a single-service host (cloud compute) with legitimate DNS and TLS infrastructure.

---

## ASSET IDENTIFICATION

---

## NETWORK CLASSIFICATION

The IP is classified as CloudCompute infrastructure with the following characteristics:

• Is Cloud: Yes (AWS EC2 instance)
• Is Hosting: Yes
• Is CDN: No
• Is Proxy/Tor/VPN: No
• Service Purpose: Single-Service Host

Control Plane Indicators:

• Origin ASN: 16509
• BGP Prefix: 18.202.0.0/15
• DNSSEC: Valid
• DNSBL Listed: 0/8 lists
• Operator Score: 0.2609 (Basic)

---

## THREAT ASSESSMENT

Risk Score: 0/100 | Reputation: Low Risk

Threat Indicators:

• No known attacker signatures
• No spam source association
• Not a Tor exit node
• Zero blacklist entries
• No persistent malicious activity detected
• Threat observation count: 1 (non-malicious)

Campaign Correlation: None detected. No certificate matches, banner matches, or correlated IPs identified.

---

## INFRASTRUCTURE DETAILS

DNS Resolution:

• PTR: ec2-18-203-84-147.eu-west-1.compute.amazonaws.com
• Forward Resolution: Confirmed
• Hosted Domain: amazonaws.com

Active Services:

• Port 8443/tcp (https-alt)

TLS Certificate:

• Issuer: Sectigo Public Server Authentication CA OV R36 (Sectigo Limited, GB)
• Subject: production-c7gn-large-aws-ie-dub-83454fb0.gen-vpn.com
• Organization: Gen Digital Inc. (Arizona, US)
• Not Self-Signed

Email Authentication:

• SPF: Configured
• DMARC: Configured

---

## OBSERVATION HISTORY (24 Signals)

Recent observations confirm stable cloud infrastructure characteristics:

1. Geolocation: Consistent Dublin, IE placement via multi-signal inference (confidence: 0.56)

2. Network Classification: AWS cloud infrastructure identified (confidence: 0.90)

3. Operator Assessment: Basic classification (raw score: 0.3)

4. Blacklist Status: No listings detected across 8 threat feeds

5. DNS: gen-vpn.com domain observed with standard email authentication

Temporal Analysis:

• Ownership changes: 0
• Threat persistence days: 0
• Classification: Not persistently malicious

---

## NETWORK NEIGHBORHOOD (18.203.84.0/24)

• Subnet Abuse Density: 0 (mostly clean)
• Inherited Risk: 2 (low)
• Total Siblings: 1
• Active Siblings: 1
• Threat Siblings: 1

The /24 subnet shows minimal abuse activity with one active sibling IP and no high-risk neighbors.

---

## RELATIONSHIP MAPPING

34 relationships identified, primarily:

• Network associations: AMAZON-DUB (multiple entries)
• DNS associations: ec2-18-203-84-147.eu-west-1.compute.amazonaws.com
• Cloud infrastructure relationships

No suspicious external entity associations detected.

---

## RECOMMENDATIONS

For SOC Analysts:

1. No Action Required: This IP represents legitimate AWS cloud infrastructure with no threat indicators.

2. Allow Traffic: Standard egress/ingress rules for AWS EC2 instances apply.

3. Monitor TLS Certificates: Certificate subject indicates Gen Digital Inc. usage (cloud service provider).

4. Baseline Behavior: Establish normal traffic patterns for this AWS EC2 endpoint.

Firewall Rules: No blocking recommended. Standard cloud provider IP allowlisting applies.

---

Analysis Notes: This IP is part of AWS's Dublin datacenter infrastructure. The TLS certificate subject (Gen Digital Inc.) indicates this host may be utilized by a cloud service provider or hosting partner. The clean threat profile and standard AWS network classification support continued monitoring without intervention.

---

*Generated via IPDebrief Intelligence Platform*

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.