IPDebrief

18.97.19.187

IP Intelligence Dossier
Witness AI: This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

## IP Intelligence Briefing: 18.97.19.187/32

Executive Summary

The IP address 18.97.19.187 is a Moderate Risk (40/100) address hosted on Amazon Web Services infrastructure in Ashburn, VA. The IP operates within a /24 subnet classified as high-abuse density (0.5385) with 7 threat siblings. No active open services were detected, though the DNS hostname indicates scanning activity.

---

Infrastructure Profile

Ownership: Amazon Technologies Inc. (AS14618)

Infrastructure Type: Cloud Compute / Hosting

Network Role: AWS Cloud Infrastructure

Geolocation: Ashburn, VA, US (39.04, -77.49)

DNS Resolution: scanner-18-97-19-187.reposify.net

PTR Hostnames: scanner-18-97-19-187.reposify.net

Forward Resolution: Confirmed

---

Risk Assessment

Risk Score: 40/100 (Moderate Risk)

Abuse Confidence: Not explicitly scored

Blacklist Status: 0 blacklists

Risk Factors:

Mitigating Factors:

---

Neighborhood Context

Subnet: 18.97.19.187/24

Total Siblings: 13

Active Siblings: 10

Threat Siblings: 7

Abuse Density: 0.5385

Notable Neighbors:

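| IP Address | Risk Score | Authority Score |
| --- | --- | --- |
| 18.97.19.133 | 40 | 60 |
| 18.97.19.154 | 40 | 60 |
| 18.97.19.163 | 40 | 60 |
| 18.97.19.185 | 40 | 60 |
| 18.97.19.207 | 40 | 60 |
| 18.97.19.219 | 40 | 60 |
| 18.97.19.229 | 40 | 60 |
| 18.97.19.242 | 40 | 60 |
| 18.97.19.244 | 40 | 60 |
| 18.97.19.245 | 40 | 60 |
| 18.97.19.246 | 40 | 60 |
| 18.97.19.249 | 40 | 60 |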

---

Temporal Analysis

Observations: 21 total historical signals

Ownership Stability: No changes detected

Threat Persistence: 0 days (no persistent malicious activity)

Recent Activity: Latest observations from 2026-06-15 show consistent high-abuse subnet classification

---

Threat Indicators

Threat Indicators: None detected

Campaign Associations: None

Known Attacker: No

Spam Source: No

Tor Exit Node: No

Proxy/VPN: No

---

Recommended Security Actions

Firewall Rules:

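```bash
# iptables
iptables -A INPUT -s 18.97.19.187 -j DROP

# nftables
nft add rule inet filter input ip saddr 18.97.19.187 drop

# nginx (configuration directive, not a shell command)
deny 18.97.19.187;

# pfSense (address to enter in the rule or alias, not a shell command)
18.97.19.187/32
```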

Cloud Platform Recommendations:

Cloudflare WAF:

```json
{
  "description": "Block 18.97.19.187 — IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 18.97.19.187"
  }
}
```

AWS WAF:

```json
{
  "Addresses": ["18.97.19.187/32"],
  "Description": "IPDebrief risk 40"
}
```

---

Intelligence Narrative

IP 18.97.19.187 represents a moderate-risk AWS infrastructure endpoint operating within a high-abuse-density subnet. The DNS hostname "scanner-18-97-19-187.reposify.net" indicates the IP may be used for scanning operations or as part of a broader reconnaissance infrastructure. While no active open services were detected, the IP's contextual placement within a subnet containing 7 threat siblings warrants defensive monitoring.

The IP shows no signs of persistent malicious activity or known campaign associations. However, the combination of the scanner designation hostname and high-abuse subnet classification suggests this IP may be part of automated infrastructure that could be leveraged for reconnaissance or lateral movement attempts.

Recommended Action: Implement blocking at perimeter security controls. Given the moderate risk score and lack of immediate threat indicators, this should be combined with other contextual signals before enforcement. Monitor for any changes in service availability or behavioral patterns.


🌍 Geolocation

Country: 🇺🇸 United States
Region: VA
City: Ashburn
Timezone: America/New_York
Latitude: 39.04
Longitude: -77.49

🏒 Ownership & Registration

Organization: Amazon Technologies Inc.
ASN: AS14618
Network Name: —
CIDR Block: —
RIR: ARIN
Country: —
Abuse Contact: Available via RDAP

🌐 DNS Intelligence

PTR: scanner-18-97-19-187.reposify.net
Forward Confirmed: Yes — FCrDNS verified
Forward Hostnames: scanner-18-97-19-187.reposify.net

DNS Hygiene

Hygiene Score: 60% (Good)
SPF: Present
DMARC: Not configured
FCrDNS: Verified
DNSSEC: Valid
CAA: Not configured

☁️ Network Classification

Infrastructure: Infrastructure / Datacenter
Service Purpose: Single-Service Host
Network Tier: Hosting — Infrastructure provider without advanced routing
Cloud: Hosting

🔌 Services & Open Ports

| Port | Service | Protocol | Banner |
| --- | --- | --- | --- |
| 80 | http | tcp | — |

Closed Ports: 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned)
Server: Reposify
HTTP Title: —

TLS Certificate

No certificate
Issued by: —
N/A
SANs: None
Valid From: —
Valid Until: —

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
| --- | --- | --- | --- |
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 17 |

Coverage: 6/6 dimensions · Data sufficiency: sufficient
Data Coherence: Consistent (100%)
Attribution: Moderate (70%)
Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

📅 Observation Timeline 🔄 Live

First Seen: 2026-05-19 09:36:49 UTC
Last Seen: 2026-06-28 08:45:02 UTC
Profile Built: 2026-06-29 02:51:06 UTC
Data Freshness: Live
Signal Types: 24
Total Observations: 27
24 signal types · 27 observations collected
This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.