# IP Intelligence Briefing: 47.128.96.196
## Executive Summary
IP 47.128.96.196 is a cloud infrastructure endpoint operated by Amazon Web Services in Singapore. The address carries a moderate risk score of 40, with elevated neighborhood context indicating a high-abuse subnet environment. No direct threat indicators were observed; the IP remains a legitimate cloud compute instance with no open services.
## Ownership and Infrastructure
- Organization: Amazon Data Services Singapore
- ASN: AS16509 (amazon.com inc)
- Country: Singapore (SG)
- Infrastructure Type: Cloud Compute (AWS)
- Service Purpose: Firewalled / No Services
- DNS Resolution: ec2-47-128-96-196.ap-southeast-1.compute.amazonaws.com
## Risk Assessment
| Metric | Value |
|---|---|
| Risk Score | 40 (Moderate Risk) |
| Provider Score | 0 |
| Authority Score | 0 |
| Abuse Confidence | None |
| Blacklist Count | 0 |
| Known Campaign | None |
## Neighborhood Analysis (47.128.96.0/24)
- Classification: High Abuse
- Abuse Density: 0.5588
- Total Siblings: 34
- Active Siblings: 21
- Threat Siblings: 19
- Inherited Risk: 22
Risk distribution across the /24 subnet shows 21 medium-risk IPs and 15 low-risk IPs. Multiple addresses within the subnet exhibit risk scores of 40-50, indicating concentrated activity patterns.
## Threat Indicators
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Proxy/VPN: No
- DNSBL Listings: 1 of 8 total lists
- Threat Feeds: None
## Services and Ports
No open ports detected. The instance is fully firewalled with no accessible services. TLS certificate, HTTP title, and server banner data are unavailable due to firewall restrictions.
## Historical Observations
21 observations recorded as of 2026-06-20. Recent signals indicate:
- Consistent classification as high_abuse at subnet level
- Stable cloud infrastructure classification
- No ownership changes detected
- No persistent malicious behavior observed
## Relationships
- DNS Associations: ec2-47-128-96-196.ap-southeast-1.compute.amazonaws.com
- Network Affiliation: AMAZON-SIN
- Total Relationships: 47
## Recommended Actions
- Block List: Not recommended β legitimate cloud infrastructure with no direct threat indicators
- Monitor: Track subnet-level activity; 19 threat-sibling IPs in the /24 warrant observation
- Context: Risk score primarily reflects neighborhood abuse density rather than IP-specific malicious activity
- SOC Handling: Treat as benign cloud endpoint; no immediate blocking required
## Intelligence Conclusion
IP 47.128.96.196 represents a standard AWS EC2 instance in Singapore with moderate contextual risk from neighborhood activity. The IP itself shows no malicious indicators, no open services, and no blacklist presence. Security teams should maintain awareness of the subnet's elevated abuse density but no immediate threat mitigation actions are warranted for this specific address.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | Amazon Data Services Singapore |
| ASN | AS16509 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | ec2-47-128-96-196.ap-southeast-1.compute.amazonaws.com |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | ec2-47-128-96-196.ap-southeast-1.compute.amazonaws.com |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
βοΈ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting β Infrastructure provider without advanced routing |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 4 |
| routing | 8% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 20% | 2 | 3 |
| reputation | 23% | 1 | 2 |
| geolocation | 40% | 2 | 3 |
| Overall | 25% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-23 00:20:57 UTC |
| Last Seen | 2026-06-28 20:21:00 UTC |
| Profile Built | 2026-06-29 02:24:54 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 24 |
Full dossier details are available via our API.