## IP Intelligence Briefing: 18.97.19.187/32
Executive Summary
The IP address 18.97.19.187 is a Moderate Risk (40/100) address hosted on Amazon Web Services infrastructure in Ashburn, VA. The IP operates within a /24 subnet classified as high-abuse density (0.5385) with 7 threat siblings. No active open services were detected, though the DNS hostname indicates scanning activity.
---
Infrastructure Profile
Ownership: Amazon Technologies Inc. (AS14618)
Infrastructure Type: Cloud Compute / Hosting
Network Role: AWS Cloud Infrastructure
Geolocation: Ashburn, VA, US (39.04, -77.49)
DNS Resolution: scanner-18-97-19-187.reposify.net
PTR Hostnames: scanner-18-97-19-187.reposify.net
Forward Resolution: Confirmed
---
Risk Assessment
Risk Score: 40/100 (Moderate Risk)
Abuse Confidence: Not explicitly scored
Blacklist Status: 0 blacklists
Risk Factors:
- Located in high-abuse-density subnet (18.97.19.0/24)
- DNS hostname contains "scanner" designation
- 7 of 13 active siblings in subnet flagged as threats
- Subnet classification: high_abuse
Mitigating Factors:
- No open ports/services detected
- No known threat indicators or campaign associations
- No persistent malicious activity detected
- Provider infrastructure (AWS) with enterprise security controls
---
Neighborhood Context
Subnet: 18.97.19.0/24
Total Siblings: 13
Active Siblings: 10
Threat Siblings: 7
Abuse Density: 0.5385
Notable Neighbors:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 18.97.19.133 | 40 | 60 |
| 18.97.19.154 | 40 | 60 |
| 18.97.19.163 | 40 | 60 |
| 18.97.19.185 | 40 | 60 |
| 18.97.19.207 | 40 | 60 |
| 18.97.19.219 | 40 | 60 |
| 18.97.19.229 | 40 | 60 |
| 18.97.19.242 | 40 | 60 |
| 18.97.19.244 | 40 | 60 |
| 18.97.19.245 | 40 | 60 |
| 18.97.19.246 | 40 | 60 |
| 18.97.19.249 | 40 | 60 |
---
Temporal Analysis
Observations: 21 total historical signals
Ownership Stability: No changes detected
Threat Persistence: 0 days (no persistent malicious activity)
Recent Activity: Latest observations from 2026-06-15 show consistent high-abuse subnet classification
---
Threat Indicators
Threat Indicators: None detected
Campaign Associations: None
Known Attacker: No
Spam Source: No
Tor Exit Node: No
Proxy/VPN: No
---
Recommended Security Actions
Firewall Rules:
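```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 18.97.19.187 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 18.97.19.187 drop
# nginx: configuration directive (http, server or location context), not a shell command
# deny 18.97.19.187;
# pfSense: address to enter as the source of a block rule or alias, not a shell command
# 18.97.19.187/32
```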
Cloud Platform Recommendations:
Cloudflare WAF:
```json
{
  "description": "Block 18.97.19.187 - IPDebrief risk score 40",
  "action": "block",
  "filter": {
    "expression": "ip.src eq 18.97.19.187"
  }
}
```
AWS WAF:
```json
{
  "Addresses": ["18.97.19.187/32"],
  "Description": "IPDebrief risk 40"
}
```
---
Intelligence Narrative
IP 18.97.19.187 represents a moderate-risk AWS infrastructure endpoint operating within a high-abuse-density subnet. The DNS hostname "scanner-18-97-19-187.reposify.net" indicates the IP may be used for scanning operations or as part of a broader reconnaissance infrastructure. While no active open services were detected, the IP's contextual placement within a subnet containing 7 threat siblings warrants defensive monitoring.
The IP shows no signs of persistent malicious activity or known campaign associations. However, the combination of the scanner designation hostname and high-abuse subnet classification suggests this IP may be part of automated infrastructure that could be leveraged for reconnaissance or lateral movement attempts.
Recommended Action: Implement blocking at perimeter security controls. Given the moderate risk score and lack of immediate threat indicators, this should be combined with other contextual signals before enforcement. Monitor for any changes in service availability or behavioral patterns.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS14618 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | scanner-18-97-19-187.reposify.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | scanner-18-97-19-187.reposify.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | | |
| Server | Reposify |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-19 09:36:49 UTC |
| Last Seen | 2026-06-28 08:45:02 UTC |
| Profile Built | 2026-06-29 02:51:06 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 27 |