47.238.254.223
IP Intelligence Briefing: 47.238.254.223
Date: 2026-06-12
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: Alibaba Cloud (HK)
- Geolocation: Hong Kong (HK), IPv4 /15 subnet (47.238.0.0/15)
- Network Role: Cloud Compute (Hosting/Infrastructure)
- Threat Indicators: No direct malicious indicators (no malware, phishing, or known attacker associations).
---
**2. Observation History (Last 14 Days)**
- Location Signals:
- Observed in the U.S. (confidence 0.35) with inferred coordinates (39.83°N, -98.58°W).
- Multiple DNSBL listings (2/8 total) with "high" severity.
- Threat Feeds:
- AlienVault OTX flagged 4 threat pulses (likely benign cloud activity).
- No recent scans, enumeration, or WAF violations.
- DNSSEC: Validated (no spoofing detected).
---
**3. Relationships & Subnet**
- Network Affiliation:
- Linked to ALIBABA-CLOUD---HK (AS45102) across multiple /24 subnets.
- No direct connections to other malicious networks.
- Subnet Abuse Density:
- 47.238.254.223/24 subnet has 1 sibling IP (risk score 25/100).
- Subnet abuse density: 0% (low risk).
---
**4. Recommended Actions**
- Monitor: Track DNSBL listings and U.S. location signals for potential misconfigurations or data exfiltration.
- Block: Consider blocking the IP if it persists in U.S.-based traffic or if threat pulses increase.
- Verify: Confirm Alibaba Cloud infrastructure legitimacy via official AS45102 records.
---
Conclusion:
This IP is associated with Alibaba Cloud infrastructure in Hong Kong. While no direct malicious activity is detected, its presence in U.S.-based DNSBL listings and mixed geolocation signals warrants further investigation. SOC teams should prioritize monitoring for anomalous behavior while balancing operational needs.
Source: IPDebrief Threat Intelligence Platform
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | ALIBABA CLOUD - HK |
| ASN | AS45102 |
| Network Name | ALIBABA-CLOUD---HK |
| CIDR Block | 47.238.0.0/15 |
| RIR | ARIN |
| Country | Hong Kong |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
๐ DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 443 | https | tcp | โ |
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 3389, 8080, 8443 (2 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
๐ TLS Certificate
| SANs | None |
| Valid From | 2026-05-28T12:47:53+00:00 |
| Valid Until | 2026-06-04T04:47:52+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_128_GCM_SHA256 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 6 days |
| Serial Number | 06C074EA016F3FB4DC8829AD94FF60A303F3 |
| Thumbprint | 242D279FAE38557A73E2B28A77510F73C8DBAD54 |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 0% | 0 | 0 |
| routing | 0% | 0 | 0 |
| services | 0% | 0 | 0 |
| ownership | 19% | 2 | 2 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 5% | 3 | 3 |
| Data Coherence | Mostly Consistent (85%) โ 1 contradiction(s) |
| Attribution | Moderate (50%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-31 17:24:30 UTC |
| Last Seen | 2026-06-13 03:45:53 UTC |
| Profile Built | 2026-06-12 09:49:37 UTC |
| Data Freshness | Live |
| Signal Types | 18 |
| Total Observations | 19 |
Full dossier details are available via our API.