13.229.91.176📋 Copy

# IP Intelligence Briefing: 13.229.91.176

Classification: Cloud Infrastructure Endpoint

Risk Level: Moderate Risk (Score: 50)

Reporting Date: 2026-06-14

---

## Executive Summary

IP address 13.229.91.176 is an Amazon Web Services (AWS) EC2 instance deployed in Singapore (ap-southeast-1). The endpoint exhibits moderate risk characteristics typical of cloud computing infrastructure. No active threat indicators were detected, but the IP shows one DNSBL listing and operates within a subnet with marginal abuse density. The IP is classified as a hosting provider resource with firewalled/no active services detected.

---

## Technical Profile

Network Identity:

• ASN: 16509 (Amazon Data Services Singapore)
• Organization: Amazon Data Services Singapore
• BGP Prefix: 13.228.0.0/15
• Route Stability: Stable (0 route changes in 30 days)
• DNSSEC: Valid
• RPKI State: Not assessed

Geolocation:

• Country: Singapore (SG)
• City: Singapore
• Coordinates: 1.35° N, 103.82° E
• GeoSource Consensus: Confirmed (2 sources)
• Accuracy Radius: 150 km

Infrastructure Classification:

• Type: CloudCompute / Hosting
• Provider: Amazon Web Services
• DNS PTR: ec2-13-229-91-176.ap-southeast-1.compute.amazonaws.com
• Forward Resolution: Confirmed (amazonaws.com domain)

---

## Threat Assessment

Current Threat Indicators:

• Known Attacker: No
• Spam Source: No
• Tor Exit Node: No
• Blacklist Count: 0
• Pulsedive Risk: Not assessed
• Known Campaigns: None

Reputation Sources:

• No active reputation sources identified
• DNSBL Listed: 1 out of 8 total lists assessed

Network Role:

• Connection Type: Cloud infrastructure
• Services: Firewalled / No services detected
• Open Ports: None
• TLS Certificates: None

---

## Neighborhood Analysis

Subnet: 13.229.91.176/24

• Abuse Density: 1 (low)
• Classification: mostly_clean
• Total Siblings: 1
• Active Siblings: 1
• Threat Siblings: 1

Assessment: The /24 subnet shows minimal abuse activity. The single threat sibling indicates one potentially compromised address in the immediate neighborhood, though the target IP itself shows no direct threat associations.

---

## Relationship Graph

Identified Associations (44 total relationships):

• Network: AMAZON-SIN (primary AWS Singapore network)
• DNS: ec2-13-229-91-176.ap-southeast-1.compute.amazonaws.com (multiple DNS entries)

Correlated Entities:

• No certificate matches
• No banner matches
• No correlated IPs beyond AWS infrastructure

---

## Observation History

Monitoring Period: 30 observations recorded

Recent Signal Timeline:

• 2026-06-14 22:34:39 — Cloud infrastructure classification (AWS), confidence: 85%
• 2026-06-14 22:30:26 — Operator score assessment (Basic, 0.2609), confidence: 60%
• 2026-06-14 22:30:23 — Singapore geolocation inference, confidence: 56%
• 2026-06-14 22:29:50 — Singapore geolocation (MaxMind GeoLite2), confidence: 70%

Temporal Analysis:

• Ownership Changes: 0
• Threat Persistence: 0 days
• Threat Observation Count: 1
• Persistently Malicious: No

---

## Recommended Actions

Firewall/Security Recommendations:

1. Allow List Consideration: This IP is a legitimate AWS infrastructure endpoint. If traffic is expected from this location (Singapore), allowlist the IP or CIDR block 13.229.91.0/24.

2. Monitoring: Continue monitoring the subnet 13.229.91.0/24 due to one identified threat sibling. While the target IP shows no direct threats, the neighborhood warrants periodic review.

3. DNSBL Check: The IP appears in 1 DNSBL. Investigate the specific blacklist to determine if listing is justified (potential false positive for cloud infrastructure) or if it indicates reputation concerns.

4. Traffic Analysis: Review traffic patterns to/from this IP. Cloud hosting resources may generate legitimate traffic but should be evaluated against baseline traffic expectations for your organization.

5. No Immediate Block: Based on current risk assessment, blocking is not recommended. The IP exhibits standard cloud infrastructure behavior with no active threat indicators.

---

Analyst Notes: This IP represents standard AWS cloud hosting infrastructure in Singapore. The moderate risk score (50) reflects the inherent risk associated with cloud environments rather than malicious activity. SOC teams should evaluate traffic from this IP based on organizational policies for cloud provider traffic rather than threat-based blocking.

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.