47.128.121.187
# IP Intelligence Briefing: 47.128.121.187/32
Classification: Moderate Risk β Cloud Infrastructure with Neighborhood Abnormality
Date: 2026-06-27
Analyst: IPDebrief Intelligence Team
---
## Executive Summary
IP address 47.128.121.187 is assigned to Amazon Web Services (AWS) Singapore region (ap-southeast-1) and operates as cloud compute infrastructure. While the endpoint itself shows no direct malicious indicators, the associated /24 subnet demonstrates elevated abuse density (0.5632) with 49 active threat siblings among 65 active neighbors. The IP carries a risk score of 40 and is classified within a high-abuse neighborhood environment. No open services or active ports are currently detected.
---
## Ownership and Geolocation
| Attribute | Value |
|---|---|
| **Organization** | Amazon Data Services Singapore |
| **ASN** | 16509 (Amazon.com, Inc.) |
| **Network** | AMAZON-SIN |
| **CIDR Block** | 47.128.0.0/14 |
| **Country** | Singapore (SG) |
| **Region** | ap-southeast-1 |
| **Coordinates** | 1.35°N, 103.82°E |
| **Infrastructure Type** | CloudCompute |
---
## Threat Intelligence Indicators
| Indicator | Status |
|---|---|
| **Risk Score** | 40/100 (Moderate) |
| **Abuse Confidence** | Not Available |
| **Known Attacker** | No |
| **Spam Source** | No |
| **Tor Exit Node** | No |
| **Blacklist Count** | 0 |
| **Known Campaigns** | None |
| **Threat Feeds** | None |
Signal History: 26 observations recorded. Recent activity (2026-06-26 through 2026-06-27) consistently classified the subnet as "high_abuse" with inherited risk score of 22.
---
## Network Neighborhood Analysis (47.128.121.0/24)
- Total Siblings: 88 IPs
- Active Siblings: 65 IPs
- Threat Siblings: 49 IPs
- Abuse Density: 0.5632 (Elevated)
- Classification: High Abuse
Risk Distribution:
- High Risk: 0
- Medium Risk: 79
- Low Risk: 9
Sample Neighbor IPs (Risk Score 40):
- 47.128.121.6
- 47.128.121.7
- 47.128.121.9
- 47.128.121.13
---
## DNS and Network Services
| Parameter | Value |
|---|---|
| **PTR Hostname** | ec2-47-128-121-187.ap-southeast-1.compute.amazonaws.com |
| **Forward Resolution** | Confirmed (amazonaws.com) |
| **Open Ports** | None detected |
| **TLS Certificate** | None |
| **HTTP Service** | None |
| **Server Banner** | None |
DNSBL Status: Listed on 1 of 8 DNSBL lists
---
## Relationship Graph
Total relationships identified: 52
Primary Associations:
- DNS: ec2-47-128-121-187.ap-southeast-1.compute.amazonaws.com (multiple associations)
- Network: AMAZON-SIN (AWS Singapore network)
- Control Plane: Origin ASN 16509, BGP Prefix 47.128.0.0/14
---
## Recommended Security Actions
Despite AWS infrastructure classification, the elevated neighborhood abuse density warrants defensive positioning:
Firewall Rules
| Platform | Rule |
|---|---|
| **iptables** | `iptables -A INPUT -s 47.128.121.187 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 47.128.121.187 drop` |
| **nginx** | `deny 47.128.121.187;` |
| **pfSense** | `47.128.121.187/32` |
| **Cloudflare WAF** | Block with expression: `ip.src eq 47.128.121.187` |
| **AWS WAF** | `{"Addresses":["47.128.121.187/32"], "Description":"IPDebrief risk 40"}` |
---
## Threat Assessment and Operational Notes
1. Infrastructure Context: This is a legitimate AWS EC2 endpoint in the Singapore region. However, the surrounding /24 subnet exhibits abnormal abuse patterns.
2. Risk Mitigation: No direct threat indicators exist on this specific IP. However, the high-abuse neighborhood classification suggests compromised or misconfigured instances in the same subnet.
3. Recommended Approach:
- Block inbound connections at perimeter firewall
- Monitor for outbound connections from internal assets to this IP
- Consider subnet-level blocking if threat intelligence warrants
- Re-evaluate periodically as neighborhood dynamics may shift
4. False Positive Consideration: AWS cloud infrastructure commonly hosts legitimate services. Blocking should be combined with additional signals (e.g., connection patterns, payload analysis) before implementing permanent rules.
---
End of Briefing
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-121-187.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-121-187.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 28% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 30% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-10 10:13:53 UTC |
| Last Seen | 2026-06-27 17:32:12 UTC |
| Profile Built | 2026-06-28 17:37:04 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 29 |
Full dossier details are available via our API.