IP Intelligence Briefing: 47.128.112.238
Date: 2026-06-11
---
**1. Core Profile**
- Reputation: Moderate Risk (Risk Score: 40)
- Provider: Amazon Web Services (AWS)
- Ownership: Owned by Amazon Data Services Singapore (ASN: 16509, Netname: AMAZON-SIN)
- Geolocation:
  - Country: United States (US)
  - Region: Illinois (US-IL)
  - City: Chicago
  - Timezone: America/Chicago
- Network Role:
  - Type: Cloud Compute (AWS infrastructure)
  - Classification: Firewalled / No Services
  - Subnet: 47.128.112.238/24 (High Abuse Density: 69%)
---
**2. Threat Indicators**
- Malicious Activity: No detected indicators (no blacklists, spam, or campaigns).
- DNS Associations:
  - Linked to AWS EC2 hostname: `ec2-47-128-112-238.ap-southeast-1.compute.amazonaws.com`.
- Subnet Risk:
  - Abuse Density: 69% (high risk).
  - Threat Siblings: 69 IPs in the subnet show malicious activity.
---
**3. Historical Observations**
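- Geolocation Discrepancy:
  - Conflicting data shows the IP resolving to Singapore (latitude: 1.2872, longitude: 103.8507) despite AWS ownership and the Chicago, US geolocation in the core profile. The PTR hostname's `ap-southeast-1` region and the registered owner (Amazon Data Services Singapore) also point to Singapore.
- Stability:
  - Subnet route stability: Unstable (route changes detected).
  - No persistent malicious activity over 30 days.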
---
**4. Relationships**
- Network:
  - Same network as AMAZON-SIN (AWS).
- DNS:
  - Direct association with AWS EC2 instances.
---
**5. Neighborhood Analysis**
- Subnet: 47.128.112.238/24
- Sibling IPs:
  - 100 total IPs in subnet; 59 active, 69 flagged as malicious.
  - Risk Distribution: 88 medium-risk IPs, 11 low-risk IPs.
---
**6. Recommended Actions**
- Monitoring:
  - Investigate geolocation discrepancies (potential misattribution or spoofing).
  - Monitor subnet for anomalous traffic due to high abuse density.
- Firewall Rules:
  - iptables: `iptables -A INPUT -s 47.128.112.238 -j DROP`
  - Cloudflare WAF: Block IP with rule: `ip.src eq 47.128.112.238`
  - AWS WAF: Add rule: `47.128.112.238/32`
---
Conclusion:
The IP is part of AWS infrastructure and appears legitimate. However, its subnet (47.128.112.238/24) has a high abuse density, suggesting potential risks. While the IP itself shows no direct malicious activity, the network environment warrants further investigation. SOC teams should prioritize monitoring this subnet for suspicious behavior and validate geolocation inconsistencies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | AMAZON-SIN |
| CIDR Block | 47.128.0.0/14 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | ec2-47-128-112-238.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes, FCrDNS verified |
| Forward Hostnames | ec2-47-128-112-238.ap-southeast-1.compute.amazonaws.com |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |

TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 19% | 2 | 2 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 17% | 9 | 11 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-28 18:35:07 UTC |
| Last Seen | 2026-06-29 05:52:02 UTC |
| Profile Built | 2026-06-29 05:52:57 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |