IPDebrief

18.97.26.108

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP INTELLIGENCE BRIEFING: 18.97.26.108/32

## Executive Summary

IP 18.97.26.108 is classified as Moderate Risk (Risk Score: 40/100). The address belongs to Amazon Web Services cloud infrastructure in Ashburn, Virginia, with associated DNS hostname scanner-18-97-26-108.reposify.net. No direct threat indicators detected, though the /24 subnet exhibits elevated abuse density (61.54%).

## Ownership and Infrastructure

AttributeValue
**ASN**14618 (Amazon Technologies Inc.)
**Organization**Amazon Web Services
**Location**Ashburn, VA, US (39.04°N, -77.49°W)
**Classification**Cloud Infrastructure
**BGP Prefix**18.97.0.0/18
**Service Status**Firewalled / No Services Detected

## Threat Assessment

## Network Context and Neighborhood

The subnet shows significant activity with 8 of 13 neighbors flagged as threat sources, indicating this is an active cloud infrastructure block with mixed legitimate and potentially malicious endpoints.

## DNS and Service Analysis

## Historical Observations

26 observations recorded. Recent signals (June 2026) confirm:

## Relationship Graph

54 relationships identified:

## Recommended Security Actions

Based on risk profile, the following rules are recommended:

SystemRule
**iptables**`iptables -A INPUT -s 18.97.26.108 -j DROP`
**nftables**`nft add rule inet filter input ip saddr 18.97.26.108 drop`
**nginx**`deny 18.97.26.108;`
**pfSense**`18.97.26.108/32`
**Cloudflare WAF**Block IP 18.97.26.108
**AWS WAF**Block CIDR 18.97.26.108/32

## Analyst Assessment

IP 18.97.26.108 represents AWS cloud infrastructure with moderate risk classification. The absence of open services and threat indicators suggests this may be a legitimate cloud endpoint or monitoring tool. However, the elevated neighborhood abuse density warrants caution. Blocking is recommended as a precautionary measure, particularly given 1 DNSBL listing and the subnet's high abuse classification. SOC teams should correlate with other indicators (e.g., source port patterns, request frequency) before implementing permanent blocks.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΊπŸ‡Έ United States
RegionVA
CityAshburn
TimezoneAmerica/New_York
Latitude39.04
Longitude-77.49

🏒 Ownership & Registration

OrganizationAmazon Technologies Inc.
ASNAS14618
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRscanner-18-97-26-108.reposify.net
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamesscanner-18-97-26-108.reposify.net

πŸ” DNS Hygiene

Hygiene Score60% (Good)
SPFPresent
DMARCNot configured
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
ServerReposify
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
29%
24
routing
8%
11
services
24%
23
ownership
20%
23
reputation
28%
13
geolocation
30%
23
Overall23%1017
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-07 23:03:57 UTC
Last Seen2026-06-27 02:27:58 UTC
Profile Built2026-06-27 20:34:20 UTC
Data FreshnessLive
Signal Types24
Total Observations29
πŸ” 24 signal types Β· 29 observations collected
This report is generated from 24+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.