# IP Intelligence Briefing: 47.128.111.109/32
Classification: Moderate Risk Cloud Infrastructure
Analysis Date: 2026-06-28
Status: Active Monitoring Required
---
## Executive Summary
IP address 47.128.111.109 is a cloud compute instance hosted by Amazon Web Services (AWS) in the Singapore region. The IP registered a moderate risk score of 40 and operates within a /24 subnet classified as high-abuse density. The address resolves to an AWS EC2 hostname and shows no currently open services, indicating proper firewall configuration. Historical observation data reveals 24 signal observations with recurring threat-related classifications.
---
## Infrastructure Profile
Ownership & Registration:
- ASN: 16509
- Organization: Amazon Data Services Singapore
- CIDR Block: 47.128.0.0/14
- RIR: ARIN
- Infrastructure Type: CloudCompute
- Service Purpose: Firewalled / No Services
Geolocation:
- Country: Singapore (SG)
- City: Singapore
- Coordinates: 1.35°N, 103.82°E
- Timezone: Asia/Singapore
- Geo Validation: Plausible (ICMP validation blocked)
DNS Resolution:
- PTR Hostname: ec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com
- Forward Resolution: Confirmed
- Hosted Domain: amazonaws.com
---
## Threat Assessment
Risk Score: 40 (Moderate Risk)
Abuse Confidence: No active indicators detected
Blacklist Status: 0 blacklist entries (1 DNSBL listing in control plane data)
Campaign Correlation: None detected
Tor/Proxy Status: Not identified as Tor exit node, proxy, or known attacker
Historical Signal Evolution:
- 24 total observations recorded
- Recent subnet abuse classification: High abuse (0.6 density)
- Threat persistence: 0 days
- Ownership stability: No changes recorded
---
## Neighborhood Analysis
Subnet: 47.128.111.0/24
Total Siblings: 35
Active Siblings: 25
Threat Siblings: 21
Risk Distribution:
- High Risk: 0 IPs
- Medium Risk: 26 IPs
- Low Risk: 12 IPs
Abuse Density: 0.6 (High abuse classification)
The subnet shows elevated abuse activity with 21 out of 35 total siblings flagged as threat-related. This suggests the /24 block hosts multiple cloud instances with security concerns.
---
## Network Relationships
Identified Associations:
- DNS Association: ec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com
- Network: AMAZON-SIN
Total of 45 relationships identified, primarily DNS and network-level associations with AWS infrastructure.
---
## Recommended Actions
Based on the risk profile, the following defensive measures are recommended:
Firewall Rules:
- iptables: `iptables -A INPUT -s 47.128.111.109 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 47.128.111.109 drop`
- Nginx: `deny 47.128.111.109;`
Cloud Security:
- Cloudflare WAF: Block expression `ip.src eq 47.128.111.109`
- AWS WAF: Add address `47.128.111.109/32` to deny list
Additional Context:
- No open ports detected (properly firewalled)
- SPF and DMARC records present (email authentication configured)
- Consider blocking the entire /24 subnet (47.128.111.0/24) given 0.6 abuse density
---
## Intelligence Notes
This IP operates within AWS cloud infrastructure in Singapore and shows no current service exposure. However, the elevated neighborhood abuse density and historical threat observations warrant continued monitoring. The moderate risk score combined with the high-abuse subnet classification suggests this IP may be associated with legitimate cloud services that have been compromised, or may be part of shared infrastructure hosting potentially malicious activity.
Priority: Medium
Action Required: Implement firewall blocking; monitor for associated traffic patterns
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | ec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-14 13:24:54 UTC |
| Last Seen | 2026-06-28 01:00:02 UTC |
| Profile Built | 2026-06-29 01:04:54 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |