# IP INTELLIGENCE BRIEFING
Target: 47.128.16.126/32
Date: June 15, 2026
Classification: Moderate Risk (AWS Cloud Infrastructure)
---
## EXECUTIVE SUMMARY
IP 47.128.16.126 is a legitimate Amazon Web Services EC2 instance hosted in Singapore (ap-southeast-1). The IP carries a moderate risk score of 40 with no active threat indicators. The subnet demonstrates elevated abuse density (0.6923), consistent with cloud hosting environments, but the specific target shows no known malicious activity.
---
## OWNERSHIP & GEOLOCATION
| Attribute | Value |
|---|---|
| Organization | Amazon Data Services Singapore |
| ASN | 16509 |
| Network | AMAZON-SIN |
| Location | Singapore (1.35, 103.82) |
| CIDR Block | 47.128.0.0/14 |
| Infrastructure Type | Cloud Compute / Hosting |
DNS Resolution: ec2-47-128-16-126.ap-southeast-1.compute.amazonaws.com (forward confirmed)
---
## THREAT ASSESSMENT
Risk Score: 40 / 100 (Moderate)
Abuse Confidence Score: Not applicable
Known Attacker: No
Tor Exit Node: No
Spam Source: No
Blacklist Count: 0 (1 DNSBL listing out of 8 total lists)
Threat Indicators: None detected
Known Campaigns: None
Threat Persistence: 0 days
---
## NETWORK CLASSIFICATION
| Classification | Status |
|---|---|
| Is Cloud | Yes |
| Is CDN | No |
| Is Proxy | No |
| Is Tor | No |
| Is Hosting | Yes |
| Is Residential | No |
| Is Mobile | No |
| Is Bogon | No |
| Is Anycast | No |
Services: No open ports detected
TLS Certificate: None
HTTP Title: None
Service Purpose: Firewalled / No Services
---
## SUBNET ANALYSIS (47.128.16.0/24)
Abuse Density: 0.6923 (High)
Total Siblings: 13
Active Siblings: 7
Threat Siblings: 9
Inherited Risk Score: 22
Neighbor Risk Distribution:
- High Risk: 0
- Medium Risk: 13
- Low Risk: 1
Notable Neighbors:
| IP Address | Risk Score | Authority Score |
|---|---|---|
| 47.128.16.131 | 50 | 60 |
| 47.128.16.115 | 40 | 60 |
| 47.128.16.120 | 40 | 60 |
| 47.128.16.180 | 40 | 60 |
---
## OBSERVATION HISTORY
Recent observations (June 15, 2026) indicate stable behavior across multiple signal types:
- Network classification confirmed as AWS cloud infrastructure
- Geolocation inference consistent with Singapore region
- Operator score: 0.2609 (Basic)
- Subnet abuse density maintained at 0.6923
No significant changes in threat posture detected during observation period.
---
## RELATIONSHIP MAPPING
Total Relationships: 31
Key Associations:
- DNS: ec2-47-128-16-126.ap-southeast-1.compute.amazonaws.com
- Network: AMAZON-SIN
- Multiple hostname associations to AWS compute endpoints
No malicious entity relationships detected.
---
## RECOMMENDED ACTIONS
Based on risk profile (40) and lack of specific threat indicators, monitoring is recommended. However, due to subnet abuse density (0.6923), the following rules are available for implementation:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 47.128.16.126 -j DROP
# nftables
nft add rule inet filter input ip saddr 47.128.16.126 drop
# nginx
deny 47.128.16.126;
# pfSense
47.128.16.126/32
```
Cloud WAF Rules:
- Cloudflare WAF: Block IP with expression `ip.src eq 47.128.16.126`
- AWS WAF: Address `47.128.16.126/32` with description "IPDebrief risk 40"
Note: These recommendations are probabilistic. Combined with other signals before taking action.
---
## ANALYST DECISION MATRIX
| Factor | Assessment |
|---|---|
| Legitimate Cloud Service | Yes |
| Active Malicious Activity | No |
| Subnet Abuse Context | High (cloud hosting) |
| Blocking Recommendation | Monitor / No Block |
| Investigation Priority | Low |
Recommendation: This IP represents legitimate cloud infrastructure with moderate contextual risk due to subnet density. No immediate blocking required unless additional threat indicators are observed. Monitor for service activity and behavioral changes.
---
*Intelligence generated by IPDebrief Analysis Platform*
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-16-126.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-16-126.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 31% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 23% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-15 14:46:30 UTC |
| Last Seen | 2026-06-28 02:34:14 UTC |
| Profile Built | 2026-06-28 20:38:59 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.