# IP INTELLIGENCE BRIEFING
## Target: 47.128.112.224/32
### EXECUTIVE SUMMARY
IP 47.128.112.224 is an Amazon Web Services EC2 instance deployed in Singapore (ap-southeast-1) with a moderate risk score of 40. While no direct threat indicators are present against this specific address, the hosting subnet (47.128.112.0/24) demonstrates elevated abuse characteristics with a 75% threat sibling ratio.
### OWNERSHIP & INFRASTRUCTURE
- Provider: Amazon Web Services (AS16509)
- Organization: Amazon Data Services Singapore
- Network: ec2-47-128-112-224.ap-southeast-1.compute.amazonaws.com
- Geolocation: Singapore (1.35°N, 103.82°E), Asia/Singapore timezone
- Infrastructure Type: CloudCompute (AWS)
- Classification: Cloud Hosting Service
### RISK PROFILE
| Metric | Value |
|---|---|
| Risk Score | 40 (Moderate Risk) |
| Abuse Confidence | Not explicitly scored |
| Blacklist Count | 1/8 DNSBL lists |
| Tor Exit Node | No |
| Known Attacker | No |
| Spam Source | No |
| Threat Persistence | 0 days |
| DNSSEC Valid | Yes |
### NETWORK BEHAVIOR & SERVICES
- Open Ports: None detected (Firewalled / No Services)
- TLS Certificate: Not available
- HTTP Banner: Not available
- DNS Resolution: Forward confirmed to AWS compute hostname
- Email Reputation: SPF and DMARC records present
### NEIGHBORHOOD ANALYSIS (47.128.112.0/24)
| Metric | Value |
|---|---|
| Total Subnet Siblings | 100 |
| Active Siblings | 68 |
| Threat Siblings | 75 |
| Abuse Density | 0.75 |
| Subnet Classification | High Abuse |
| Inherited Risk | 30 |
Findings: The /24 subnet exhibits significant abuse density with 75% of active IPs flagged as threats. This contextual risk factor suggests the broader subnet may host compromised or malicious infrastructure, though 47.128.112.224 itself shows no direct threat indicators.
### THREAT OBSERVATION HISTORY
Recent signal observations (2026-06-14):
- Subnet abuse density consistently reported at 0.75 (high_abuse)
- No ownership changes detected
- No persistent malicious behavior observed
- Single threat observation recorded
### RELATIONSHIPS & ASSOCIATIONS
- Network: AMAZON-SIN (Singapore AWS data center)
- DNS Hostnames: ec2-47-128-112-224.ap-southeast-1.compute.amazonaws.com
- Related Entities: 33 total relationships detected
### RECOMMENDED ACTIONS
#### Firewall Rules
```bash
# iptables
iptables -A INPUT -s 47.128.112.224 -j DROP
# nftables
nft add rule inet filter input ip saddr 47.128.112.224 drop
# nginx
deny 47.128.112.224;
# pfSense
47.128.112.224/32
# Cloudflare WAF
{"description":"Block 47.128.112.224 - IPDebrief risk score 40","action":"block"}
# AWS WAF
{"Addresses":["47.128.112.224/32"],"Description":"IPDebrief risk 40"}
```
#### Monitoring Recommendations
1. Block inbound traffic from this IP at perimeter firewall
2. Monitor subnet activity for emerging threats in 47.128.112.0/24
3. Review outbound connections to this IP from internal systems
4. Update blocklists with current DNSBL entries
5. Reassess periodically due to high-abuse neighborhood context
### CONCLUSION
IP 47.128.112.224 presents moderate risk with no direct threat indicators. However, the elevated abuse density of its hosting subnet warrants defensive blocking and continued monitoring. The IP is best classified as a cloud infrastructure endpoint with contextual neighborhood risk.
Classification: Moderate Risk / Cloud Infrastructure / High-Abuse Neighborhood
Action Required: Block at perimeter, monitor subnet activity
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
### Ownership & Registration
| Field | Value |
|---|---|
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
### DNS Intelligence
| Field | Value |
|---|---|
| PTR | ec2-47-128-112-224.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-47-128-112-224.ap-southeast-1.compute.amazonaws.com |
### DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
### Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: infrastructure provider without advanced routing |
### Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
### TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
### Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Metric | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Moderate (55%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
### Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-10 16:14:38 UTC |
| Last Seen | 2026-06-27 18:01:39 UTC |
| Profile Built | 2026-06-28 12:06:47 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |