47.128.120.17
IP Intelligence Dossier
Your IP: 216.73.216.123
π€ Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.
# IP Intelligence Briefing: 47.128.120.17/32
## Executive Summary
IP address 47.128.120.17 is a legitimate Amazon Web Services cloud compute instance deployed in Singapore. The IP presents low risk (risk score 25) with no active threat indicators. However, the /24 subnet exhibits moderate abuse density (42.86%) with 6 threat-identified sibling IPs, warranting contextual awareness.
## Infrastructure Profile
- Organization: Amazon Data Services Singapore (ASN 16509)
- Geolocation: Singapore (ap-southeast-1 region), coordinates 1.35°N, 103.82°E
- Network Role: Cloud Compute infrastructure
- Classification: Cloud hosting provider
- Status: Firewalled / No services exposed
## Technical Observations
DNS Resolution:
- PTR hostname: ec2-47-128-120-17.ap-southeast-1.compute.amazonaws.com
- Forward resolution confirmed to amazonaws.com domain
- SPF and DMARC records present on associated domain
- Single forward-hostname association
Control Plane:
- Origin ASN: 16509 (Amazon)
- BGP prefix: 47.128.0.0/14
- DNSBL listings: 1 of 8 total lists (minor listing)
- Operator score: 0.2609 (Basic classification)
- RPKI state: Not verified
Services Exposure:
- No open ports detected
- No TLS certificates
- No HTTP services
- No banner information captured
## Threat Assessment
Current Risk Level: Low (Score: 25)
- No known attack campaigns
- Not identified as Tor exit node, attacker, or spam source
- Zero active threat indicators in current profile
- Blacklist count: 0
- Threat observation count: 1
Historical Signals:
- 26 total observations recorded
- Recent activity from June 2026
- Consistent operator score (0.2609) across observations
- Subnet classification: Mixed
- No persistent malicious behavior detected
## Neighborhood Analysis
Subnet: 47.128.120.17/24
- Total siblings: 14
- Active siblings: 13
- Abuse density: 42.86%
- Threat siblings: 6
- All neighboring IPs show identical risk profile (risk score 25, authority score 60)
Neighbor IP Distribution:
- 47.128.120.154, 162, 172, 173, 189, 197, 203, 204, 205, 206, 214, 222, 240
- Uniform risk scoring across subnet indicates coordinated cloud deployment rather than malicious activity
## Network Relationships
- Associated with AMAZON-SIN network
- 53 relationship entities identified
- Primary DNS association with AWS compute infrastructure
## SOC Recommendations
Immediate Actions:
- No blocking required; IP shows legitimate cloud provider profile
- Monitor for service exposure if firewall configuration changes
- Standard AWS traffic logging sufficient for baseline
Contextual Awareness:
- The /24 subnet demonstrates elevated abuse density (42.86%)
- Six sibling IPs flagged as threatsβmonitor traffic patterns from this subnet
- Abuse density may indicate compromised EC2 instances sharing the same subnet
Detection Considerations:
- Legitimate traffic patterns expected for AWS infrastructure
- Alert on unusual port scanning or service enumeration against this IP
- Correlate with known AWS outbound patterns if investigating lateral movement
No firewall rules recommended based on current risk profile. Standard AWS egress rules apply.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-120-17.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-120-17.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
No certificate
Issued by β
N/A
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 39% | 2 | 6 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 28% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 23% | 10 | 18 |
Coverage: 6/6 dimensions Β· Data sufficiency: sufficient
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-07 23:04:23 UTC |
| Last Seen | 2026-06-27 05:49:03 UTC |
| Profile Built | 2026-06-27 23:55:41 UTC |
| Data Freshness | Live |
| Signal Types | 24 |
| Total Observations | 31 |
π 24 signal types Β· 31 observations collected
This report is generated from 24+ independent intelligence signals including
ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds,
behavioral fingerprinting, and more.
Full dossier details are available via our API.
Full dossier details are available via our API.
βΉοΈ About This Report
All data shown is publicly available network metadata β IP addresses do not reliably identify individuals.
Assessments are probabilistic and should not be used as sole basis for access control decisions.
To report an issue or request data review, contact admin@ipdebrief.com.