# IP INTELLIGENCE BRIEFING
## Target: 47.128.112.24
EXECUTIVE SUMMARY
IP address 47.128.112.24 is an Amazon Web Services (AWS) EC2 instance hosted in Singapore with a moderate risk score of 40. The IP belongs to a high-abuse-density subnet (0.75) where 75% of sibling IPs are classified as threats. No direct threat indicators were identified, but contextual risk factors warrant monitoring.
PROFILE OVERVIEW
| Field | Value |
|---|---|
| **IP Address** | 47.128.112.24/32 |
| **Risk Score** | 40 (Moderate Risk) |
| **Provider** | Amazon Web Services |
| **Organization** | Amazon Data Services Singapore |
| **ASN** | 16509 |
| **Geolocation** | Singapore (SG), Asia |
| **Infrastructure** | CloudCompute (EC2) |
| **DNS** | ec2-47-128-112-24.ap-southeast-1.compute.amazonaws.com |
THREAT ASSESSMENT
Direct Threat Indicators: None identified
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- DNSBL Listed: 1 of 8 lists
Contextual Risk Factors:
- Subnet abuse density: 0.75 (HIGH)
- Threat siblings in /24: 75 of 100 IPs
- Inherited risk from neighborhood: 30
- Classification: high_abuse
NETWORK CONTEXT
Subnet Analysis (47.128.112.0/24):
- Total IPs: 100
- Active Siblings: 70
- Threat Siblings: 75
- Risk Distribution: 97 medium-risk, 2 low-risk, 0 high-risk
Route Stability:
- BGP Prefix: 47.128.0.0/14
- Route Changes (30d): 0
- Is Route Stable: False
- DNSSEC Valid: True
OBSERVATION HISTORY
20 signal observations collected. Recent signals confirm:
- Cloud infrastructure classification (AWS provider)
- Singapore geolocation (56% confidence)
- High abuse density subnet classification
- Consistent risk posture with no escalation
RELATIONSHIP ANALYSIS
38 relationships identified:
- DNS associations to ec2 hostname
- Same network: AMAZON-SIN
- No certificate associations detected
- No campaign correlations
RECOMMENDED ACTIONS
Firewall Rules:
```bash
iptables -A INPUT -s 47.128.112.24 -j DROP
nft add rule inet filter input ip saddr 47.128.112.24 drop
```
WAF Rules:
- Cloudflare WAF: Block (risk score 40)
- AWS WAF: 47.128.112.24/32
Operational Note: This IP is AWS cloud infrastructure. Blocking at the perimeter may impact legitimate traffic. Recommend:
1. Verify if this IP was observed in threat activity
2. Monitor for outbound connections from this IP
3. Consider subnet-level monitoring given high abuse density
4. Validate against internal threat intelligence before blocking
THREAT LEVEL
MODERATE: No direct malicious activity observed, but contextual risk from high-abuse subnet warrants awareness. Recommend continued monitoring rather than immediate blocking unless correlated with specific incidents.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | ec2-47-128-112-24.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | ec2-47-128-112-24.ap-southeast-1.compute.amazonaws.com |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-11 21:11:16 UTC |
| Last Seen | 2026-06-27 20:07:08 UTC |
| Profile Built | 2026-06-28 14:11:57 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 27 |