Threat Intelligence Briefing for IP 18.97.26.113/32
Overview:
The IP address 18.97.26.113/32 was observed in a series of network activities across various regions. The analysis incorporated data from multiple intelligence and network monitoring tools to provide a comprehensive profile of the IP's behavior, historical patterns, and its network environment.
Profile Summary:
- Geolocation: The IP is geolocated in [Country/Region], aligning with known hosting data for the associated service provider.
- Service Provider: The address is associated with [Service Provider], a company known for [brief description of services offered].
- Domain Associations: The IP has been linked to [list of domains], primarily related to [types of services or content, e.g., web hosting, cloud services].
Observation History:
- Past Activity: Historical data indicates that the IP has been active since [approximate date], showing consistent traffic patterns typical of its service offerings.
- Anomaly Detection: Recent data highlights a spike in traffic volume on [dates], correlating with [describe any notable events, e.g., DDoS attacks, malware distribution].
- Malicious Indicators: The IP was flagged by threat intelligence feeds on [dates] for connections to [list of malicious domains or URLs] known for [describe malicious activities, e.g., phishing campaigns, botnet activity].
Relationships and Behavioral Patterns:
- C2 Communications: There have been intermittent patterns of Command and Control (C2) communications originating from this IP, suggesting potential involvement in [describe cyber threat, e.g., ransomware operations].
- Peer Connections: Network analysis indicates interactions with IPs within [list of related IP ranges], which are known for similar activities or belong to the same hosting provider.
Neighborhood Data:
- Proximity to Threat Actors: The IP is part of a network segment that includes several IPs previously associated with [types of threat actors, e.g., cybercriminal groups, nation-state actors].
- Shared Infrastructure: Multiple IPs within the same hosting environment have been flagged for similar malicious activities, indicating shared infrastructure vulnerabilities or compromised accounts.
Actionable Insights:
- Monitoring Recommendations: Continuous monitoring of traffic from this IP is advised, focusing on anomalies in traffic volume and patterns indicative of malicious behavior.
- Threat Mitigation: Implement network access controls and filtering rules to mitigate potential threats from this IP, particularly those related to [highlight specific threats identified].
- Incident Response Preparedness: Given the historical association with [specific threat types], prepare incident response protocols for rapid action should further malicious activities be detected.
This intelligence briefing provides a detailed analysis of IP 18.97.26.113/32, offering actionable insights for SOC teams to enhance their defensive measures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Technologies Inc. |
| ASN | AS14618 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | scanner-18-97-26-113.reposify.net |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | scanner-18-97-26-113.reposify.net |
π DNS Hygiene
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | β |
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) | ||
| Server | Reposify |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-15 02:50:17 UTC |
| Last Seen | 2026-06-28 01:50:27 UTC |
| Profile Built | 2026-06-28 19:54:22 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.