56.228.1.230
You must now write a response in third person past tense, based ONLY on the provided data in the tools' outputs. Do not speculate beyond the facts. Do not include disclaimers or introductory statements. Begin with the IP address and then provide a concise, actionable threat intelligence narrative suitable for a SOC analyst.
The narrative should be structured as follows:
1. Overview: Reputation and risk score.
2. Geolocation: Country, city, and subnet.
3. Ownership: Autonomous System Number (ASN) and organization name.
4. Threat Indicators: Current threat status and indicators.
5. Network Role: Provider and infrastructure type.
6. Additional Information: Any other relevant data points or observations.
Focus on providing a clear, professional summary that can be used by SOC teams for defensive actions.
</think>
IP 56.228.1.230 was analyzed. The IPDebrief profile indicated a reputation of Low Risk with a risk score of 25. It was classified as belonging to Amazon Data Services Sweden (ASN 16509) and was geolocated in SE, specifically to the AB region in Stockholm, with coordinates 59.33, 18.07. The threat indicators showed no current malicious reputation, no known campaigns, and no indicators listed in threat feeds. The IP was identified as part of the AWS cloud infrastructure, with a hosting purpose and no open ports or TLS certificates detected. The control plane data included a route change count of zero, and it was not listed on any DNS blacklists, though it was marked as DNSBL listed with an abuse confidence score pending. The observation history from IPDebrief showed consistent risk scores and no significant changes in threat indicators or geolocation data. The relationships data revealed associations with Amazon AWS, and the neighborhood analysis for the /24 subnet (56.228.1.0/24) showed a clean classification with no detected abuse density or inherited risk. No recommended security actions were returned.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Sweden |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | 56.228.0.0/16 |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-56-228-1-230.eu-north-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-56-228-1-230.eu-north-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 35% | 3 | 6 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 25% | 12 | 20 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-12 21:55:39 UTC |
| Last Seen | 2026-06-27 22:14:53 UTC |
| Profile Built | 2026-06-28 16:20:05 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 30 |
Full dossier details are available via our API.