IPDebrief

13.229.91.176

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 13.229.91.176

Classification: Cloud Infrastructure Endpoint

Risk Level: Moderate Risk (Score: 50)

Reporting Date: 2026-06-14

---

## Executive Summary

IP address 13.229.91.176 is an Amazon Web Services (AWS) EC2 instance deployed in Singapore (ap-southeast-1). The endpoint exhibits moderate risk characteristics typical of cloud computing infrastructure. No active threat indicators were detected, but the IP shows one DNSBL listing and operates within a subnet with marginal abuse density. The IP is classified as a hosting provider resource with firewalled/no active services detected.

---

## Technical Profile

Network Identity:

Geolocation:

Infrastructure Classification:

---

## Threat Assessment

Current Threat Indicators:

Reputation Sources:

Network Role:

---

## Neighborhood Analysis

Subnet: 13.229.91.176/24

Assessment: The /24 subnet shows minimal abuse activity. The single threat sibling indicates one potentially compromised address in the immediate neighborhood, though the target IP itself shows no direct threat associations.

---

## Relationship Graph

Identified Associations (44 total relationships):

Correlated Entities:

---

## Observation History

Monitoring Period: 30 observations recorded

Recent Signal Timeline:

Temporal Analysis:

---

## Recommended Actions

Firewall/Security Recommendations:

1. Allow List Consideration: This IP is a legitimate AWS infrastructure endpoint. If traffic is expected from this location (Singapore), allowlist the IP or CIDR block 13.229.91.0/24.

2. Monitoring: Continue monitoring the subnet 13.229.91.0/24 due to one identified threat sibling. While the target IP shows no direct threats, the neighborhood warrants periodic review.

3. DNSBL Check: The IP appears in 1 DNSBL. Investigate the specific blacklist to determine if listing is justified (potential false positive for cloud infrastructure) or if it indicates reputation concerns.

4. Traffic Analysis: Review traffic patterns to/from this IP. Cloud hosting resources may generate legitimate traffic but should be evaluated against baseline traffic expectations for your organization.

5. No Immediate Block: Based on current risk assessment, blocking is not recommended. The IP exhibits standard cloud infrastructure behavior with no active threat indicators.

---

Analyst Notes: This IP represents standard AWS cloud hosting infrastructure in Singapore. The moderate risk score (50) reflects the inherent risk associated with cloud environments rather than malicious activity. SOC teams should evaluate traffic from this IP based on organizational policies for cloud provider traffic rather than threat-based blocking.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΈπŸ‡¬ Singapore
RegionSG
CitySingapore
TimezoneAsia/Singapore
Latitude1.35
Longitude103.82
πŸ›‘οΈ Platform Security History
EnumerationPath/resource enumeration1
Total events: 1
Observed on 2026-05-14

🏒 Ownership & Registration

OrganizationAmazon Data Services Singapore
ASNAS16509
Network Nameβ€”
CIDR Block13.228.0.0/15
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRec2-13-229-91-176.ap-southeast-1.compute.amazonaws.com
Forward ConfirmedYes β€” FCrDNS verified
Hosted Domainec2-13-229-91-176.ap-southeast-1.compute.amazonaws.com
Forward Hostnamesec2-13-229-91-176.ap-southeast-1.compute.amazonaws.com

πŸ” DNS Hygiene

Hygiene Score80% (Excellent)
SPFPresent
DMARCPresent
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
25%
24
routing
26%
24
services
15%
22
ownership
22%
34
reputation
24%
13
geolocation
33%
23
Overall24%1220
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-14 09:12:11 UTC
Last Seen2026-06-28 00:36:24 UTC
Profile Built2026-06-28 18:41:43 UTC
Data FreshnessLive
Signal Types31
Total Observations36
πŸ” 31 signal types Β· 36 observations collected
This report is generated from 31+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.