IPDebrief

47.128.111.109

IP Intelligence Dossier
Your IP: 216.73.216.123
{ } JSON πŸ”§ Full Actions API
πŸ€– Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IP Intelligence Briefing: 47.128.111.109/32

Classification: Moderate Risk Cloud Infrastructure

Analysis Date: 2026-06-28

Status: Active Monitoring Required

---

## Executive Summary

IP address 47.128.111.109 is a cloud compute instance hosted by Amazon Web Services (AWS) in the Singapore region. The IP registered a moderate risk score of 40 and operates within a /24 subnet classified as high-abuse density. The address resolves to an AWS EC2 hostname and shows no currently open services, indicating proper firewall configuration. Historical observation data reveals 24 signal observations with recurring threat-related classifications.

---

## Infrastructure Profile

Ownership & Registration:

Geolocation:

DNS Resolution:

---

## Threat Assessment

Risk Score: 40 (Moderate Risk)

Abuse Confidence: No active indicators detected

Blacklist Status: 0 blacklist entries (1 DNSBL listing in control plane data)

Campaign Correlation: None detected

Tor/Proxy Status: Not identified as Tor exit node, proxy, or known attacker

Historical Signal Evolution:

---

## Neighborhood Analysis

Subnet: 47.128.111.0/24

Total Siblings: 35

Active Siblings: 25

Threat Siblings: 21

Risk Distribution:

Abuse Density: 0.6 (High abuse classification)

The subnet shows elevated abuse activity with 21 out of 35 total siblings flagged as threat-related. This suggests the /24 block hosts multiple cloud instances with security concerns.

---

## Network Relationships

Identified Associations:

Total of 45 relationships identified, primarily DNS and network-level associations with AWS infrastructure.

---

## Recommended Actions

Based on the risk profile, the following defensive measures are recommended:

Firewall Rules:

Cloud Security:

Additional Context:

---

## Intelligence Notes

This IP operates within AWS cloud infrastructure in Singapore and shows no current service exposure. However, the elevated neighborhood abuse density and historical threat observations warrant continued monitoring. The moderate risk score combined with the high-abuse subnet classification suggests this IP may be associated with legitimate cloud services that have experienced compromise or is part of shared infrastructure hosting potentially malicious activity.

Priority: Medium

Action Required: Implement firewall blocking; monitor for associated traffic patterns

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

CountryπŸ‡ΈπŸ‡¬ Singapore
RegionSG
CitySingapore
TimezoneAsia/Singapore
Latitude1.35
Longitude103.82

🏒 Ownership & Registration

OrganizationAmazon Data Services Singapore
ASNAS16509
Network Nameβ€”
CIDR Blockβ€”
RIRARIN
Countryβ€”
Abuse ContactAvailable via RDAP

🌐 DNS Intelligence

PTRec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com
Forward ConfirmedYes β€” FCrDNS verified
Forward Hostnamesec2-47-128-111-109.ap-southeast-1.compute.amazonaws.com

πŸ” DNS Hygiene

Hygiene Score80% (Excellent)
SPFPresent
DMARCPresent
FCrDNSVerified
DNSSECValid
CAANot configured

☁️ Network Classification

InfrastructureInfrastructure / Datacenter
Service PurposeFirewalled / No Services
Network TierHosting β€” Infrastructure provider without advanced routing
CloudHosting

πŸ”Œ Services & Open Ports

PortServiceProtocolBanner
No open ports detected
Closed Ports22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned)
Serverβ€”
HTTP Titleβ€”

πŸ” TLS Certificate

πŸ”’
No certificate
Issued by β€”
N/A
SANsNone
Valid Fromβ€”
Valid Untilβ€”

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

DimensionScoreSourcesObservations
threat
30%
24
routing
8%
11
services
15%
22
ownership
24%
23
reputation
30%
13
geolocation
31%
23
Overall23%1016
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
Data CoherenceConsistent (100%)
AttributionModerate (70%)
OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

πŸ“… Observation Timeline πŸ”„ Live

First Seen2026-05-14 13:24:54 UTC
Last Seen2026-06-28 01:00:02 UTC
Profile Built2026-06-29 01:04:54 UTC
Data FreshnessLive
Signal Types22
Total Observations27
πŸ” 22 signal types Β· 27 observations collected
This report is generated from 22+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.
{ } JSON API πŸ”§ Actions API πŸ“§ Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata β€” IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.