47.128.112.21
## INTELLIGENCE BRIEFING: 47.128.112.21/32
Classification: Moderate Risk β Cloud Infrastructure
Date: 2026-06-14
Analyst: IPDebrief Intelligence
---
EXECUTIVE SUMMARY
IP address 47.128.112.21 is a legitimate Amazon Web Services (AWS) EC2 instance hosted in the Singapore region (ap-southeast-1). The IP carries a moderate risk score of 40/100 with no direct threat indicators. However, the associated /24 subnet exhibits high abuse density (0.75), suggesting elevated activity from neighboring addresses.
---
NETWORK OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| **Organization** | Amazon Data Services Singapore |
| **ASN** | 16509 |
| **Infrastructure Type** | CloudCompute |
| **Hosting Provider** | Amazon Web Services |
| **Geolocation** | Singapore, SG |
| **Coordinates** | 1.35°N, 103.82°E |
| **Region** | ap-southeast-1 |
| **Timezone** | Asia/Singapore |
| **CIDR Block** | 47.128.0.0/14 |
---
THREAT ASSESSMENT
Risk Profile: Moderate Risk (40/100)
Operator Score: 0.2609 (Basic)
Threat Indicators: None detected
Known Campaigns: None
Campaign Likelihood: None
Direct Threat Signals:
- Blacklist Status: 1 of 8 DNSBL lists (12.5% listing rate)
- Tor Exit Node: False
- Known Attacker: False
- Spam Source: False
- Abuse Confidence Score: Not available
Network Role:
- Cloud Infrastructure: Yes
- CDN: No
- VPN/Proxy: No
- Tor Network: No
- Bogon: No
- Mobile/Residential: No
---
DNS & HOSTNAME INTELLIGENCE
PTR Hostname: `ec2-47-128-112-21.ap-southeast-1.compute.amazonaws.com`
Forward Resolution: Confirmed (1 hostname)
Domain: amazonaws.com
Email Authentication: SPF and DMARC records present
Service Banner: No open ports detected (Firewalled / No Services)
---
SUBNET ANALYSIS (47.128.112.0/24)
Classification: high_abuse
Abuse Density: 0.75 (High)
Total Sibling IPs: 100
Active Siblings: 72
Threat Siblings: 75
Risk Distribution:
- High Risk: 0 IPs
- Medium Risk: 97 IPs
- Low Risk: 2 IPs
Inherited Risk: 30/100
Analysis: The /24 subnet is heavily utilized with AWS infrastructure. While the target IP shows moderate risk, the high abuse density indicates this subnet block has been associated with significant malicious activity. This warrants heightened monitoring of traffic patterns from this IP block.
---
OBSERVATION HISTORY
Total Observations: 19 signals collected
Latest Signals: 2026-06-14 (same day)
Temporal Indicators:
- Ownership Changes: 0
- Threat Persistence Days: 0
- Is Persistently Malicious: False
- Threat Observation Count: 1
The IP demonstrates stable ownership with no evidence of malicious persistence. Recent signals confirm consistent geolocation and network classification.
---
RELATIONSHIP GRAPH
Total Relationships: 39
Key Associations:
- Network: AMAZON-SIN (multiple entries)
- DNS: ec2-47-128-112-21.ap-southeast-1.compute.amazonaws.com
All relationships confirm AWS infrastructure ownership with no external or suspicious associations detected.
---
RECOMMENDED ACTIONS
Current Risk Level: Moderate β No immediate threat-based actions required
Recommended Firewall Rules (if blocking desired):
```bash
# iptables
iptables -A INPUT -s 47.128.112.21 -j DROP
# nftables
nft add rule inet filter input ip saddr 47.128.112.21 drop
# pfSense
47.128.112.21/32
# Cloudflare WAF
{"description":"Block 47.128.112.21 β IPDebrief risk score 40","action":"block","filter":{"expression":"ip.src eq 47.128.112.21"}}
# AWS WAF
{"Addresses":["47.128.112.21/32"],"Description":"IPDebrief risk 40"}
```
SOC Analyst Notes:
- No direct threat indicators detected on this IP
- Subnet-level abuse density warrants monitoring of related addresses
- Standard AWS cloud instance with no open services
- Recommended to monitor for anomalous behavior patterns rather than immediate blocking
- Consider blocking at subnet level (47.128.112.0/24) if threat activity is observed from sibling IPs
---
END OF BRIEFING
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-112-21.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-112-21.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 22% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-13 19:05:25 UTC |
| Last Seen | 2026-06-27 23:53:13 UTC |
| Profile Built | 2026-06-28 17:59:07 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 26 |
Full dossier details are available via our API.