47.128.121.9
# IP Intelligence Briefing: 47.128.121.9
## Executive Summary
Target 47.128.121.9 is a cloud infrastructure asset hosted by Amazon Web Services in Singapore. While the IP exhibits moderate individual risk (score: 40), it operates within a high-abuse density subnet (47.128.121.0/24) with an abuse density of 0.5676. The asset shows no direct threat indicators but warrants monitoring due to neighborhood context.
---
## Infrastructure Profile
Classification: CloudCompute / Hosting Provider
Risk Score: 40 (Moderate Risk)
ASN: 16509 (Amazon Data Services Singapore)
Organization: AMAZON-SIN
Geolocation: Singapore (ap-southeast-1 region)
Network Block: 47.128.0.0/14
DNS Resolution: ec2-47-128-121-9.ap-southeast-1.compute.amazonaws.com
Infrastructure Status: Stable (no changes in 30 days)
---
## Threat Assessment
Direct Threat Indicators: None detected
- Not listed on major threat feeds
- No known campaign associations
- No blacklist entries (count: 0)
- Not a Tor exit node, proxy, or VPN endpoint
- No open ports detected
Contextual Risk Factors:
- Subnet Abuse Density: 0.5676 (High)
- Threat Siblings: 42 out of 74 total IPs in /24 subnet
- Inherited Risk Score: 22 (from neighborhood context)
- Control Plane: Listed on 1 DNSBL out of 8 total lists
---
## Observation History
Total Observations: 26 signals analyzed
Temporal Stability:
- Ownership: Stable (0 changes)
- Route: Stable (0 changes in 30 days)
- BGP Prefix: 47.128.0.0/14 via AS2914 β AS16509
- No persistent malicious activity observed
Recent Signals:
- June 2026: Confirmed AWS cloud infrastructure classification
- ASN age: 9,539 days (stable legacy assignment)
- RIR Registry: ARIN (United States)
---
## Neighborhood Intelligence
Subnet: 47.128.121.0/24
Total Siblings: 74
Active Siblings: 45
Threat Siblings: 42
Risk Distribution: High: 0, Medium: 72, Low: 7
Notable Neighboring IPs (Risk Score 40):
- 47.128.121.6
- 47.128.121.7
- 47.128.121.13
- 47.128.121.52
- 47.128.121.53
---
## Recommended Actions
Monitoring Priority: Medium
Recommended Controls:
1. Traffic Analysis: Monitor outbound connections from this subnet, particularly to high-risk destinations
2. Threat Intelligence Integration: Feed sibling IP data into correlation engines for contextual threat detection
3. Baseline Behavior: Establish normal traffic patterns for this AWS subnet to detect anomalies
4. DNS Filtering: Consider blocking or rate-limiting DNS queries to this subnet during threat events
5. Network Segmentation: If receiving traffic from this subnet, implement egress filtering
Firewall Rule Template (iptables):
```bash
# Monitor (not block) - allow traffic but log
iptables -A INPUT -s 47.128.121.0/24 -j LOG --log-prefix "AWS-SG-47.128.121:"
iptables -A INPUT -s 47.128.121.0/24 -j ACCEPT
# Or block if threat indicators escalate
# iptables -A INPUT -s 47.128.121.0/24 -j DROP
```
---
## Conclusion
Target 47.128.121.9 presents moderate individual risk with no direct malicious indicators. However, the high-abuse density of the surrounding subnet (42 threat siblings) creates contextual risk. The IP operates within standard AWS cloud infrastructure with stable network characteristics. SOC teams should monitor traffic patterns and consider sibling IP correlations during threat investigations. No immediate blocking required, but maintain awareness of neighborhood threat activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | AMAZON-SIN |
| CIDR Block | 47.128.0.0/14 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-121-9.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-121-9.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 3 |
| routing | 24% | 2 | 3 |
| services | 15% | 2 | 2 |
| ownership | 35% | 3 | 5 |
| reputation | 13% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 22% | 12 | 17 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-27 19:22:48 UTC |
| Last Seen | 2026-06-29 04:50:04 UTC |
| Profile Built | 2026-06-29 04:58:15 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 28 |
Full dossier details are available via our API.