# IP Intelligence Briefing: 47.128.96.138
## Executive Summary
Classification: Moderate Risk Cloud Infrastructure
Primary Finding: Legitimate AWS EC2 instance in Singapore with elevated neighborhood abuse density. No active malicious indicators detected.
---
## Infrastructure Profile
IP Address: 47.128.96.138/32
ASN: 16509 | Organization: Amazon Data Services Singapore
Network Classification: CloudCompute (AWS EC2)
Geolocation: Singapore (1.35°N, 103.82°E)
Hostname: ec2-47-128-96-138.ap-southeast-1.compute.amazonaws.com
Risk Assessment:
- Overall Risk Score: 40/100 (Moderate)
- Authority Score: 0 (No authoritative reputation data)
- Provider Score: 0
- Listed on 1 of 8 DNS blacklists
Network Role:
- Infrastructure Type: CloudCompute
- Service Status: Firewalled / No Services Detected
- Open Ports: None
- CDN/Proxy/VPN/Tor: No
---
## Threat Indicators
Active Threat Indicators:
- No known attacker flags
- No spam source indicators
- No Tor exit node activity
- No active campaign associations
- Zero blacklist matches for known threat feeds
- No evidence of malicious DNS or email activity
Historical Context:
- 19 signal observations recorded across multiple dimensions
- No threat persistence observed
- No correlated IPs or campaign matches
- Campaign likelihood: None
---
## Neighborhood Analysis
Subnet: 47.128.96.0/24
Abuse Density: 0.5294 (High Abuse Classification)
Total Siblings: 34 | Active Siblings: 20 | Threat Siblings: 18
Risk Distribution in /24:
- High Risk: 0
- Medium Risk: 28
- Low Risk: 8
Key Observation: The /24 subnet demonstrates elevated abuse density with 28 medium-risk neighbors. This suggests the IP space has historical abuse associations common in cloud hosting environments. The target IP (47.128.96.138) shows the same baseline risk score (40) as multiple neighboring addresses.
---
## Relationship Graph
Primary Associations:
- DNS: ec2-47-128-96-138.ap-southeast-1.compute.amazonaws.com
- Network: AMAZON-SIN (Amazon Singapore infrastructure)
- Total Relationships: 44 (primarily DNS and network associations)
All relationships confirm legitimate AWS infrastructure ownership with no anomalous entity associations.
---
## Observation History
Temporal Analysis:
- 19 observations spanning multiple monitoring periods
- Recent signals (June 2026) confirm Basic operator classification
- Consistent Singapore geolocation reporting
- No significant changes in risk posture over time
Key Signals:
- Operator Score: 0.2609 (Basic classification)
- Subnet abuse density consistently reported at 0.5294
- DNS resolution stable with forward confirmation
---
## Recommended Actions
SOC Analysis:
- Monitor for changes in risk profile if this IP appears in security alerts
- Contextualize moderate risk score with cloud hosting environment
- High neighborhood abuse density does not indicate active compromise at this IP
Firewall/Security:
- No specific block rules recommended
- Standard cloud traffic policies apply
- Verify legitimate business use case before any blocking action
Investigative Notes:
- This is a standard AWS EC2 instance with firewalled services
- Elevated neighborhood risk is typical for AWS Singapore /24 blocks
- No evidence of malicious activity or abuse at this specific IP
- Historical data shows consistent infrastructure presence
---
## Conclusion
47.128.96.138 is a legitimate AWS EC2 instance in Singapore with a moderate baseline risk score (40). The elevated neighborhood abuse density (0.5294) reflects historical abuse patterns in the /24 subnet rather than active threats. No malicious indicators, campaign associations, or anomalous behavior were detected. SOC analysts may treat it as standard cloud infrastructure pending verification of a legitimate use case.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR | ec2-47-128-96-138.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | ec2-47-128-96-138.ap-southeast-1.compute.amazonaws.com |
## DNS Hygiene
| Check | Result |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 22% | 1 | 2 |
| geolocation | 25% | 2 | 2 |
| Overall | 20% | 10 | 13 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-15 02:51:23 UTC |
| Last Seen | 2026-06-28 01:55:33 UTC |
| Profile Built | 2026-06-28 20:01:11 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 23 |