Threat Intelligence Briefing for IP 47.82.113.229/32
Overview:
The IP address 47.82.113.229/32 was observed over a specified period, with data collected using various cybersecurity tools. This briefing provides a summary of its activity, relationships, and surrounding network context, intended to assist SOC analysts in identifying potential security risks.
IP Address Details:
- IP Address: 47.82.113.229/32
- Geolocation: The IP address is geolocated to [Country], [City/Region] within [ISP].
Activity and Observation History:
- Traffic Patterns: The IP exhibited [e.g., consistent] traffic patterns, primarily involving [e.g., HTTP, HTTPS] protocols. Notable peaks in traffic were observed during [specific times/periods].
- Domain Associations: The IP was associated with [number] domains, including [List of Domains], which were involved in [e.g., content delivery, web hosting].
- Behavioral Analysis: The IP demonstrated [e.g., regular, irregular] access to specific web services. There were [number] incidents of [e.g., failed login attempts, unusual access patterns] that could indicate potential security concerns.
Relationships:
- Known Affiliations: The IP has connections to [e.g., known threat actors, legitimate entities] based on observed communications with [List of Related IPs or Domains].
- Malware Indications: There were [number] instances of malware signatures detected associated with the IP, specifically [e.g., ransomware, trojans].
- Threat Intelligence Feeds: The IP was flagged in [number] threat intelligence feeds as [e.g., malicious, suspicious] based on [e.g., past incidents, shared infrastructure with known threats].
Neighborhood Data:
- Subnet Analysis: The IP resides within a subnet that includes [number] other IPs, some of which have been previously noted for [e.g., malicious activity, benign activity].
- Co-located Infrastructure: The IP shares physical or virtual infrastructure with [number] other entities, including [e.g., known bad actors, legitimate businesses].
- Anomalous Neighbors: Several neighboring IPs have shown [e.g., similar traffic patterns, shared domain usage] that might suggest [e.g., coordinated activity, common ownership].
Actionable Insights:
- Monitoring Recommendations: Continuous monitoring of traffic patterns and domain associations is advised to detect any escalation in suspicious activity.
- Incident Response: Prepare for potential incident response scenarios, particularly if traffic anomalies or malware detections increase.
- Threat Hunting: Conduct targeted threat hunting exercises focusing on the domains and neighboring IPs associated with 47.82.113.229/32.
Conclusion:
The IP address 47.82.113.229/32 presents a mixed profile with both legitimate and potentially malicious indicators. SOC teams should prioritize monitoring and analysis to ensure timely detection and response to any emerging threats. Further investigation into associated domains and neighboring IPs is recommended to fully understand the risk landscape.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration

| Field | Value |
|---|---|
| Organization | Alibaba Cloud LLC |
| ASN | AS45102 |
| Network Name | — |
| CIDR Block | — |
| RIR | ARIN |
| Country | — |
| Abuse Contact | Available via RDAP |
DNS Intelligence

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No — PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification

| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Single-Service Host |
| Network Tier | Hosting — Infrastructure provider without advanced routing |
Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | — |
| HTTP Title | — |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.11 |
TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | — |
| Valid Until | — |
Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness.

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 31% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 32% | 2 | 3 |
| Overall | 24% | 10 | 16 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:23 UTC |
| Last Seen | 2026-06-23 14:57:05 UTC |
| Profile Built | 2026-06-23 15:06:24 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 23 |