# Intelligence Briefing: 47.128.122.131/32
Classification: MODERATE RISK
Date: Current Intelligence
Analyst: IPDebrief Intelligence
---
## EXECUTIVE SUMMARY
IP 47.128.122.131 is an Amazon Web Services (AWS) EC2 instance located in Singapore (ap-southeast-1). The IP exhibits moderate risk scoring (40) with no direct threat indicators. However, the IP resides within a subnet (47.128.122.0/24) classified as "high_abuse" with elevated abuse density (0.5526), indicating neighborhood-level threat activity.
---
## INFRASTRUCTURE PROFILE
Network Identity:
- IP Address: 47.128.122.131/32
- ASN: AS16509 (Amazon.com Inc.)
- Organization: Amazon Data Services Singapore
- Country: Singapore (SG)
- Region: ap-southeast-1 (Singapore)
- Infrastructure Type: CloudCompute
- Provider: Amazon Web Services
DNS Configuration:
- PTR Record: ec2-47-128-122-131.ap-southeast-1.compute.amazonaws.com
- Forward Resolution: Confirmed to amazonaws.com
- Reverse DNS: Forward confirmed, single hostname
Services Exposure:
- Open Ports: None detected
- HTTP/TLS: No services exposed
- Classification: Firewalled / No Services
---
## THREAT ASSESSMENT
Current Risk Score: 40 (Moderate Risk)
Threat Indicators:
- Is Known Attacker: No
- Is Spam Source: No
- Is Tor Exit: No
- Blacklist Count: 0
- Abuse Confidence Score: Not applicable
- Known Campaigns: None
Control Plane:
- Route Stability: Unstable
- DNSBL Listed: 1 of 8 lists
- Operator Score: 0.2609 (Basic)
---
## SUBNET ANALYSIS: 47.128.122.0/24
Classification: High Abuse
Abuse Density: 0.5526 (Elevated)
Neighbor Distribution (37 siblings analyzed):
- High Risk: 0
- Medium Risk: 22
- Low Risk: 15
- Active Siblings: 26
- Threat Siblings: 21
Notable Neighbor Risk Scores:
- 47.128.122.0: 40
- 47.128.122.1: 50
- 47.128.122.13: 40
- 47.128.122.100: 40
- 47.128.122.131: 40 (Target IP)
Inherited Risk: 22-23 (from subnet analysis)
---
## OBSERVATION HISTORY
Total Observations: 23 signals tracked
Key Historical Signals:
1. 2026-06-20: ASN AS16509 identified with threat indicators present (pulse_count: 3)
2. 2026-06-20: Confirmed cloud infrastructure (AWS provider)
3. 2026-06-20: Subnet classified as "high_abuse" (abuse_density: 0.5526)
4. 2026-06-15: Previous subnet analysis showed abuse_density: 0.5789 (slightly higher)
5. 2026-06-15: Operator score: 0.2609 (Basic classification)
Temporal Trends:
- Consistent cloud infrastructure classification
- Stable subnet abuse classification
- No persistent malicious behavior detected
---
## RELATIONSHIP ANALYSIS
DNS Associations:
- ec2-47-128-122-131.ap-southeast-1.compute.amazonaws.com (multiple entries)
Network Relationships:
- AMAZON-SIN network (multiple same-network associations)
---
## RECOMMENDED ACTIONS
For SOC Teams:
1. Monitor Subnet Activity: 21 out of 38 siblings in /24 subnet flagged as threats. Monitor for lateral movement patterns.
2. Traffic Filtering: Apply egress/ingress controls for traffic to/from Singapore AWS infrastructure if policy requires.
3. Baseline Comparison: Compare against known legitimate AWS traffic patterns for Singapore region.
4. DNSBL Monitoring: IP appears on 1 of 8 DNSBL lists; monitor for blacklist additions.
Firewall Recommendations:
- No immediate blocking required (IP not confirmed malicious)
- Consider subnet-level monitoring due to high_abuse classification
- Monitor for unusual connection patterns from known threat sibling IPs
---
## INTELLIGENCE CONCLUSION
IP 47.128.122.131 is a legitimate AWS cloud infrastructure endpoint with moderate risk scoring. The primary concern is the neighborhood-level abuse density within the 47.128.122.0/24 subnet, where 55% of sibling IPs have been flagged for abuse. No direct threat indicators are associated with this specific IP. Continued monitoring of subnet activity and correlation with known threat IPs in the neighborhood is recommended.
Threat Level: MODERATE
Action Required: MONITOR (No immediate blocking recommended)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | ec2-47-128-122-131.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-47-128-122-131.ap-southeast-1.compute.amazonaws.com |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 26% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 12% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 21% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-19 03:36:30 UTC |
| Last Seen | 2026-06-28 08:29:56 UTC |
| Profile Built | 2026-06-29 02:35:09 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |