# IPDEBRIEF INTELLIGENCE BRIEFING
Subject: 18.209.86.113/32
Classification: Low Risk Infrastructure IP
Date: 2026-06-16
Analyst: IPDebrief SOC Team
---
## EXECUTIVE SUMMARY
IP 18.209.86.113 is a low-risk infrastructure address belonging to Amazon Web Services (AWS). The IP is classified as a cloud compute resource with no active threat indicators. No immediate blocking action is recommended for defensive security operations.
---
## OWNERSHIP & ATTRIBUTION
| Attribute | Value |
|---|---|
| **Organization** | Amazon Technologies Inc. |
| **ASN** | 14618 (AT-88-Z) |
| **CIDR Block** | 18.32.0.0/11 |
| **Geolocation** | Ashburn, VA, US |
| **Infrastructure Type** | Cloud Compute (AWS) |
| **Registration** | ARIN (2005-11-04) |
---
## RISK ASSESSMENT
Overall Risk Score: 25/100 (Low Risk)
| Metric | Score | Status |
|---|---|---|
| Risk Score | 25 | Low Risk |
| Provider Score | 0 | N/A |
| Authority Score | 0 | N/A |
| Stability Score | 0 | N/A |
| Abuse Confidence | N/A | N/A |
Threat Indicators: None detected
- Not a Tor exit node
- Not a known attacker
- Not a spam source
- Zero blacklist entries
---
## NETWORK PROFILE
Network Role: AWS Cloud Infrastructure
- Connection Type: Cloud service
- Hosting: Yes
- CDN/VPN/Proxy: No
- Bogon/Anycast: No
DNS Resolution:
- PTR Hostname: keeper-us-east-1d.mxtoolbox.com
- Forward Resolution: keeper-us-east-1d.mxtoolbox.com
- Forward Confirmed: Yes
Services: No open ports detected (firewalled infrastructure)
---
## GEOLOCATION VALIDATION
| Metric | Value |
|---|---|
| Country | US |
| Region | VA |
| City | Ashburn |
| Accuracy Radius | 150 km |
| Geo Consensus | Valid |
| Geo Plausible | Yes |
| Violation Status | ICMP blocked - unable to validate |
---
## HISTORICAL OBSERVATIONS
Total Observations: 23 signals
Recent Activity (2026-06-16):
- Port scanning activity detected
- Blacklist listing observed (8 total lists, 1 high severity)
- DNS and routing stability signals
- ASN assignment confirmed (7,524 days)
Temporal Analysis:
- Ownership changes: 0
- Threat persistence days: 0
- Persistently malicious: No
- Threat observation count: 0
---
## RELATIONSHIP GRAPH
Total Relationships: 25
Primary Associations:
- DNS: keeper-us-east-1d.mxtoolbox.com (repeated associations)
- Network: AT-88-Z (18.209.86.0/24 subnet)
No malicious entity relationships detected.
---
## NEIGHBORHOOD ANALYSIS
Subnet: 18.209.86.0/24
- Abuse Density: 0% (Clean)
- Classification: Clean
- Active Siblings: 0
- Threat Siblings: 0
- Total Siblings: 1
Assessment: No neighboring IPs show malicious activity.
---
## RECOMMENDED ACTIONS
| Action Type | Status |
|---|---|
| Blocking | Not Recommended (Low Risk) |
| Allowlisting | Consider for AWS infrastructure |
| Monitoring | Standard traffic monitoring |
| Firewall Rules | None required |
Rationale: This IP represents AWS infrastructure with no active threat indicators. Standard defensive posture for cloud provider IPs applies.
---
## INTELLIGENCE NARRATIVE
IP 18.209.86.113 is a legitimate AWS infrastructure address located in Ashburn, Virginia. The IP resolves to mxtoolbox.com email services and operates within the 18.32.0.0/11 AWS block. Historical analysis shows consistent ownership by Amazon Technologies Inc. since 2005 with no malicious activity patterns. The subnet demonstrates zero abuse density and no neighboring threat indicators. A single blacklisting event was observed on 2026-06-16 across 8 total lists, with high severity classification on one listing; however, the overall risk score remains low (25/100). No open ports are detected, consistent with firewall-hardened AWS infrastructure. No firewall blocking is recommended for this address. SOC teams should treat this as benign AWS traffic unless specific campaign indicators emerge.
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS14618 |
| Network Name | AT-88-Z |
| CIDR Block | 18.32.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | keeper-us-east-1d.mxtoolbox.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | keeper-us-east-1d.mxtoolbox.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 β Basic operator with some routing infrastructure |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 19% | 2 | 2 |
| ownership | 30% | 3 | 4 |
| reputation | 13% | 1 | 2 |
| geolocation | 31% | 2 | 3 |
| Overall | 25% | 12 | 18 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-29 18:14:27 UTC |
| Last Seen | 2026-06-29 06:38:01 UTC |
| Profile Built | 2026-06-29 06:42:36 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |
Full dossier details are available via our API.