47.128.119.133
# IP Intelligence Briefing: 47.128.119.133/32
Classification: Cloud Infrastructure / Moderate Risk
Date: 2026-06-20
Source: IPDebrief Intelligence Platform
---
## Executive Summary
IP address 47.128.119.133 is an Amazon Web Services (AWS) EC2 instance located in Singapore (ap-southeast-1). The IP carries a moderate risk score of 40/100. No active threat indicators were detected. However, the /24 subnet (47.128.119.0/24) exhibits high abuse density (0.5895) with 56 threat-sibling IPs identified, warranting contextual monitoring.
---
## Infrastructure Profile
| Attribute | Value |
|---|---|
| **IP Address** | 47.128.119.133 |
| **Risk Score** | 40/100 (Moderate) |
| **ASN** | 16509 |
| **Organization** | Amazon Data Services Singapore |
| **Location** | Singapore, SG |
| **Infrastructure Type** | CloudCompute (AWS EC2) |
| **Network Classification** | Cloud / Hosting |
| **Status** | Active |
---
## Technical Details
DNS Resolution:
- PTR Hostname: `ec2-47-128-119-133.ap-southeast-1.compute.amazonaws.com`
- Forward Resolution: Confirmed (1 hostname)
- Domain: amazonaws.com
Services:
- Open Ports: None detected
- Service Status: Firewalled / No Services
- TLS Certificates: Not exposed
Control Plane:
- BGP Prefix: 47.128.0.0/14
- DNSSEC: Valid
- RPKI State: Pending
- Route Stability: False
---
## Threat Assessment
Current Threat Indicators:
- Blacklist Count: 0
- Is Tor Exit Node: False
- Is Known Attacker: False
- Is Spam Source: False
- Known Campaigns: None
- Abuse Confidence Score: Not available
Risk Breakdown:
- Provider Score: 0
- Authority Score: 0
- Stability Score: 0
---
## Neighborhood Analysis (47.128.119.0/24)
| Metric | Value |
|---|---|
| **Subnet Abuse Density** | 0.5895 (High) |
| **Total Siblings** | 95 |
| **Active Siblings** | 70 |
| **Threat Siblings** | 56 |
| **Risk Distribution** | High: 0, Medium: 49, Low: 48 |
Key Observation: While the target IP shows no direct malicious indicators, the /24 subnet demonstrates elevated abuse density with 56 threat-sibling IPs. This contextual risk factor suggests the IP shares infrastructure with potentially malicious actors.
---
## Observation History
Signal Count: 21 observations
Latest Observation: 2026-06-20T03:55:04 UTC
Temporal Trends:
- Threat Persistence Days: 0
- Threat Observation Count: 1
- Persistent Malicious Activity: False
- Ownership Changes: 0
Recent Signals:
- Geolocation validation (Singapore): Confirmed
- Subnet abuse classification: High abuse density
- Threat list status: Not listed
- Attacker classification: False
---
## Relationship Graph
Total Relationships: 33
Primary Associations:
- DNS: `ec2-47-128-119-133.ap-southeast-1.compute.amazonaws.com`
- Network: AMAZON-SIN (47.128.0.0/14)
- Multiple DNS and network associations to AWS infrastructure
---
## Recommended Actions
Security Recommendations:
- Monitor subnet activity due to high abuse density
- Consider traffic analysis on /24 block for correlated anomalies
- No immediate blocking recommended for isolated IP activity
Firewall Rules (If Blocking Required):
```
iptables: iptables -A INPUT -s 47.128.119.133 -j DROP
nftables: nft add rule inet filter input ip saddr 47.128.119.133 drop
Cloudflare WAF: Block 47.128.119.133 β IPDebrief risk score 40
AWS WAF: Addresses: 47.128.119.133/32
```
---
## Intelligence Notes
1. Low Immediate Threat: The IP shows no direct evidence of malicious activity. All threat indicators are negative.
2. Contextual Risk: The /24 subnet classification as "high_abuse" with 56 threat siblings suggests infrastructure-level risk. Monitor for correlated activity.
3. Cloud Infrastructure: As an AWS EC2 instance with no open services, the IP is likely part of legitimate cloud operations. False positives possible due to shared IP space.
4. Geographic Consistency: All signals consistently indicate Singapore location with plausible geolocation validation.
5. Action Threshold: Consider blocking only if additional signals correlate with known threat campaigns or observed malicious behavior.
---
Briefing Prepared By: IPDebrief Intelligence Team
Classification: SOC-DEFENSIVE
Next Review: Monitor for subnet-level threat correlation
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-119-133.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-119-133.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 29% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 33% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-17 21:15:45 UTC |
| Last Seen | 2026-06-28 05:54:19 UTC |
| Profile Built | 2026-06-28 23:57:59 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 27 |
Full dossier details are available via our API.