# IP Intelligence Briefing: 35.156.201.6/32
Classification: LOW RISK
Date of Analysis: 2026-06-20
Prepared For: SOC Operations
---
## Executive Summary
IP address 35.156.201.6 was analyzed and classified as low risk with a risk score of 0. The IP is identified as an Amazon Web Services (AWS) EC2 instance in Frankfurt, Germany, operating a public web server with standard e-commerce or business functionality. No malicious indicators, blacklists, or threat associations were detected.
---
## Ownership and Infrastructure
| Attribute | Value |
|---|---|
| **ASN** | 16509 (Amazon.com, Inc.) |
| **Organization** | A100 ROW GmbH |
| **CIDR Block** | 35.156.0.0/14 |
| **ISP/Provider** | Amazon Web Services (AWS) |
| **Geolocation** | Frankfurt, Hesse, DE (50.11°N, 8.68°E) |
| **Timezone** | Europe/Berlin |
The IP resolves to hostname `ec2-35-156-201-6.eu-central-1.compute.amazonaws.com` with reverse DNS confirmation. Forward resolution is consistent with AWS infrastructure patterns.
---
## Network Services and Configuration
Open Ports:
- TCP/80 (HTTP)
- TCP/443 (HTTPS)
- TCP/22 (SSH)
Web Server Configuration:
- Server: nginx/1.25.5
- HTTP/2.0 enabled
- HSTS configured (max-age=31536000; includeSubDomains)
- Content Security Policy (CSP) active
- Content-Type Options header present
- Robots.txt present (disallow all)
SSL/TLS Certificate:
- Issuer: Let's Encrypt
- Subject: work.aigentifyable.com
- Certificate chain valid
DNS Security:
- DNSSEC: Valid
- SPF: Present
- DMARC: Present
- RPKI State: Inferred as valid
---
## Threat Assessment
| Indicator | Status |
|---|---|
| **Risk Score** | 0 |
| **Abuse Confidence Score** | Not applicable |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Tor Exit Node** | No |
| **Known Attacker** | No |
| **Spam Source** | No |
| **DNSBL Lists** | 0/8 |
| **Threat Persistence Days** | 0 |
No threat indicators, malware signatures, or attack campaign associations were identified in the threat feed analysis.
---
## Historical Observations
Twenty-three signal observations were recorded, with the most recent activity on 2026-06-20. Historical trends indicate:
- Infrastructure Consistency: Cloud infrastructure classification (AWS) maintained across all observations
- Location Stability: Frankfurt, DE location consistently reported
- Routing Stability: BGP route stable with no recent route changes
- Operator Score: 0.4783 (Basic) - consistent across observations
- HTTP Response: Status 200 with HSTS enabled throughout observation period
No degradation in security posture or emergence of malicious behavior was observed over the observation window.
---
## Network Relationships
DNS Associations:
- ec2-35-156-201-6.eu-central-1.compute.amazonaws.com (primary)
Network Relationships:
- Same Network: AMAZO-ZFRA
- Total Relationships: 40
The IP maintains standard AWS EC2 naming conventions with no anomalous associations to third-party infrastructure.
---
## Neighborhood Analysis
Subnet: 35.156.201.6/24
- Abuse Density: 0 (mostly clean)
- Neighbor Count: 1 active sibling
- Threat Siblings: 1
- Inherited Risk: 2
The /24 subnet shows minimal abuse activity. The single threat sibling represents typical AWS infrastructure risk rather than coordinated malicious activity.
---
## Recommended Actions
Current Risk Level: Low
No immediate mitigation actions are recommended based on this analysis. The IP address operates within standard AWS cloud infrastructure parameters with proper security configurations (HSTS, CSP, DNSSEC, SPF, DMARC).
Suggested Monitoring:
- Continue passive observation for behavioral anomalies
- Monitor for changes in TLS certificate or service configuration
- Track for any emergence of blacklist associations
---
## Conclusion
IP address 35.156.201.6 represents benign AWS infrastructure hosting a public web server with appropriate security configurations. No defensive actions are required at this time. Standard logging and monitoring practices apply.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | A100 ROW GmbH |
| ASN | AS16509 |
| Network Name | โ |
| CIDR Block | 35.156.0.0/14 |
| RIR | ARIN |
| Country | โ |
| Abuse Contact | Available via RDAP |
๐ DNS Intelligence
| PTR | ec2-35-156-201-6.eu-central-1.compute.amazonaws.com |
| Forward Confirmed | Yes โ FCrDNS verified |
| Forward Hostnames | ec2-35-156-201-6.eu-central-1.compute.amazonaws.com |
๐ DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 2/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
โ๏ธ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Unknown โ Insufficient routing data to classify |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | โ |
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | ||
| Server | nginx/1.25.5 |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
๐ TLS Certificate
| SANs | work.aigentifyable.com |
| Valid From | 2026-05-01T02:02:32+00:00 |
| Valid Until | 2026-07-30T02:02:31+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 89 days |
| Serial Number | 056AE18D4971C8644FC7E8C610B2D9622102 |
| Thumbprint | 8C9D76032F1B0AFFC918154784BE81A1D1951203 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 30% | 2 | 3 |
| ownership | 27% | 3 | 4 |
| reputation | 26% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 29% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-19 15:38:50 UTC |
| Last Seen | 2026-06-28 09:18:25 UTC |
| Profile Built | 2026-06-29 03:22:57 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 31 |
Full dossier details are available via our API.