# IP INTELLIGENCE BRIEFING
## Target: 47.128.119.120/32
Date: June 2026
Classification: Moderate Risk
Provider: Amazon Web Services (AWS), Singapore Region
---
EXECUTIVE SUMMARY
IP 47.128.119.120 is an AWS cloud infrastructure endpoint (EC2 instance) located in Singapore (ap-southeast-1). While the IP itself shows moderate risk (score: 50), it resides within a high-abuse subnet (47.128.119.0/24) with 68.18% abuse density. Recent observations indicate blacklist activity with high-severity listings.
---
INFRASTRUCTURE PROFILE
| Attribute | Value |
|---|---|
| **ASN** | 16509 (AMAZON-02) |
| **Organization** | Amazon Data Services Singapore |
| **Location** | Singapore, SG (1.35°N, 103.82°E) |
| **Network Role** | Cloud Compute (EC2) |
| **DNS Resolution** | ec2-47-128-119-120.ap-southeast-1.compute.amazonaws.com |
| **Forward Confirmed** | Yes |
---
THREAT INDICATORS
- Risk Score: 50 (Moderate Risk)
- Blacklist Status: Listed on 2 of 8 DNSBLs
- Known Campaigns: None detected
- Known Attacker: No
- Tor Exit/Proxy: No
- Recent Signals: June 20, 2026: High-severity blacklist listings observed
---
SUBNET ANALYSIS (47.128.119.0/24)
| Metric | Value |
|---|---|
| **Abuse Density** | 0.6818 (68.18%) |
| **Classification** | HIGH_ABUSE |
| **Total Siblings** | 88 |
| **Active Siblings** | 63 |
| **Threat Siblings** | 60 |
| **Risk Distribution** | Medium: 88, Low: 6, High: 0 |
*Note: The subnet demonstrates elevated abuse activity. Correlation analysis recommended for similar IPs in the /24.*
---
OBSERVATION HISTORY (Last 25 Observations)
- Most Recent: June 20, 2026: Blacklist listings detected (high severity)
- Operator Score: 0.4783 (Basic)
- Route Stability: Stable (0 route changes in 30 days)
- Threat Persistence: Single observation event
---
RECOMMENDED ACTIONS
Immediate Mitigation:
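```bash
# iptables: drop inbound traffic from the address
iptables -A INPUT -s 47.128.119.120 -j DROP
# nftables: same rule (assumes an existing "inet filter" table with an "input" chain)
nft add rule inet filter input ip saddr 47.128.119.120 drop
# AWS WAF: IP set fields (not shell commands)
#   Addresses: 47.128.119.120/32
#   Description: IPDebrief risk 50
```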
Subnet-Level Consideration:
Given the 60 threat siblings in the /24 subnet, consider implementing broader filtering for 47.128.119.0/24 if operational requirements permit.
---
INTELLIGENCE NOTES
- Target is AWS-managed infrastructure; abuse may be attributed to compromised instances or legitimate high-volume services.
- DNSBL listings require investigation to determine blocking rationale.
- Neighboring IPs show consistent risk patterns (score ~40 with authority score 60).
- No open ports detected; target appears firewalled or passive.
Analyst Recommendation: Monitor for correlation with known threat actors. Evaluate blocking based on organizational risk tolerance for moderate-risk cloud infrastructure within high-abuse subnets.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Attribute | Value |
|---|---|
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | 47.128.0.0/14 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Attribute | Value |
|---|---|
| PTR | ec2-47-128-119-120.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-47-128-119-120.ap-southeast-1.compute.amazonaws.com |
DNS Hygiene
| Attribute | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Attribute | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
TLS Certificate
| Attribute | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 36% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 27% | 3 | 4 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 28% | 12 | 19 |

| Attribute | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
Observation Timeline (Live)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-17 15:13:33 UTC |
| Last Seen | 2026-06-28 05:31:20 UTC |
| Profile Built | 2026-06-28 23:36:00 UTC |
| Data Freshness | Live |
| Signal Types | 25 |
| Total Observations | 28 |