IP Intelligence Briefing: 47.238.95.91
Date: 2026-06-08
---
**1. Core Profile**
- Risk Score: Moderate (50/100)
- Provider: Alibaba Cloud (HK)
- Geolocation: Hong Kong (HK), Alibaba Cloud infrastructure
- Network Role: CloudCompute (Hosting / Firewalled)
- Threat Indicators: No active malicious activity detected.
---
**2. Threat Observations**
- DNSSEC Validation: Minimal risk (score 0.15), indicating potential configuration issues.
- Threat Feed Listings:
  - Listed in 1/8 threat feeds with "high" severity (confidence 0.85).
  - No direct malware, phishing, or exploit campaigns linked.
- Historical Activity:
  - No persistent malicious behavior (0 threat persistence days).
  - Last observed activity: June 8, 2026.
---
**3. Network Relationships**
- Shared Network: Part of Alibaba Cloud's `ALIBABA-CLOUD---HK` network.
- Subnet: 47.238.95.91/24 (no active neighbors detected).
- ASN: AS45102 (Alibaba Cloud).
---
**4. Security Recommendations**
- Monitor DNSSEC: Investigate DNSSEC validation issues to prevent potential spoofing.
- Network Segmentation: Ensure cloud infrastructure is segmented to limit lateral movement.
- Threat Feed Monitoring: Continuously track listings in threat feeds for 47.238.95.91.
---
**5. Conclusion**
This IP is associated with legitimate Alibaba Cloud infrastructure in Hong Kong. While DNSSEC validation issues and sparse threat feed listings suggest minor risks, there is no evidence of active exploitation. SOC teams should prioritize monitoring for unusual behavior in cloud-hosted environments and ensure DNS configurations are secure.
Next Steps: Validate DNSSEC settings, correlate with cloud provider logs, and maintain surveillance for emerging threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | ALIBABA CLOUD - HK |
| ASN | AS45102 |
| Network Name | ALIBABA-CLOUD---HK |
| CIDR Block | 47.238.0.0/15 |
| RIR | ARIN |
| Country | Hong Kong |
| Abuse Contact | - |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 19% | 2 | 2 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 12% | 6 | 6 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline: Recent
| First Seen | 2026-05-18 15:27:02 UTC |
| Last Seen | 2026-06-23 07:03:59 UTC |
| Profile Built | 2026-06-10 10:13:36 UTC |
| Data Freshness | Recent |
| Signal Types | 18 |
| Total Observations | 18 |