IP Intelligence Briefing: 18.97.19.249
Date: 2026-06-11
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Ownership: Amazon Technologies Inc. (ASN 14618)
- Geolocation: Ashburn, VA, US (39.04°N, -77.49°E)
- Network Role: AWS Cloud infrastructure (no services exposed)
- Threat Indicators: No malicious activity detected (zero threat feeds, no abuse confidence score).
---
**2. Network Context**
- Subnet: 18.97.19.249/24
- Subnet Abuse Density: 36.36% (mixed risk; 4/11 siblings flagged as threats).
- Neighbors:
  - 3 IPs with medium risk (25–50 score).
  - 9 IPs with low risk (0–25 score).
  - No high-risk neighbors.
---
**3. Historical Observations**
- Last 30 Days:
  - Stable ownership (Amazon AWS).
  - No persistent threats or malicious activity.
  - Subnet abuse density increased slightly (0.3077 → 0.3636).
---
**4. Relationships**
- DNS Associations:
  - Linked to `scanner-18-97-19-249.reposify.net` (PTR confirmed).
- Network Relationships:
  - Part of AWS subnet `AT-88-Z` (AS14618).
  - No direct ties to known malicious organizations or campaigns.
---
**5. Security Recommendations**
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 18.97.19.249 -j DROP`
  - Cloudflare WAF: Block IP with rule `ip.src eq 18.97.19.249`
  - AWS WAF: Add `18.97.19.249/32` to IP set.
- Monitoring:
  - Track subnet abuse density trends (current 36.36% is elevated).
  - Monitor for unexpected DNS activity or service exposure.
---
Conclusion:
The IP is part of AWS infrastructure with no direct malicious indicators. However, its subnet contains mixed-risk neighbors, warranting closer monitoring. Block the IP to mitigate potential lateral movement risks within the network.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS14618 |
| Network Name | AT-88-Z |
| CIDR Block | 18.32.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | scanner-18-97-19-249.reposify.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | scanner-18-97-19-249.reposify.net |
DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | Reposify |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 32% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 32% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 27% | 10 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-26 06:50:30 UTC |
| Last Seen | 2026-06-29 02:46:03 UTC |
| Profile Built | 2026-06-29 08:48:14 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 25 |