# IP Intelligence Briefing: 47.83.131.134/32
## Executive Summary
IP address 47.83.131.134 is classified as Moderate Risk (Score: 40). The address belongs to Alibaba Cloud LLC (ASN 45102), geolocated to Ashburn, VA. Current threat indicators show no active malicious activity, but historical observations indicate prior threat associations and DNSBL listings. The IP hosts a single SSH service on port 22.
## Technical Profile
### Ownership & Geolocation
- ASN: 45102 (Alibaba Cloud LLC)
- Organization: Alibaba Cloud LLC
- Location: Ashburn, Virginia, United States
- CIDR Block: 47.83.128.0/17 (BGP Prefix)
- RIR: ARIN
### Network Configuration
- Network Role: Single-Service Host
- Open Ports: 22/TCP (SSH - OpenSSH 9.6p1 Ubuntu-3ubuntu13.16)
- TLS Certificates: None detected
- DNS Records: No PTR hostnames, no forward resolution confirmed
### Threat Indicators
- Current Status: No active threat indicators
- DNSBL Listings: 1 of 8 total lists (historical)
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
### Control Plane Analysis
- Route Stability: Not stable (route changes detected in 30-day window)
- DNSSEC: Valid
- DNSBL Listed: Yes (1 listing)
- Operator Score: 0.2174 (Minimal)
## Neighborhood Analysis
The IP resides in subnet 47.83.131.134/24 with:
- Abuse Density: 0 (Clean)
- Threat Siblings: 0
- Active Siblings: 1
- Classification: Clean
No adjacent IPs in the immediate /24 subnet show elevated risk scores.
## Historical Observations
Analysis of 52 historical observations reveals:
- Most Recent Activity: June 25, 2026
- Threat Persistence: Single threat observation detected
- Notable Historical Signals:
  - One observation flagged the IP as having threats (confidence 0.85)
  - Multiple DNSBL listing events (1 of 8 lists at maximum severity: high)
  - Inconsistent ISP attribution observed (AS1239 Sprint noted in historical data vs. current Alibaba Cloud ASN)
- Ownership Stability: No ownership changes recorded
## Relationship Graph
108 relationships identified, primarily network-level associations (AL-3 type network references). No certificate or hostname relationships detected.
## Recommended Actions
Based on risk profile and historical context, the following security measures are recommended:
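### Firewall Rules
```bash
# iptables: drop inbound traffic from this source (-A appends, so place it ahead of any matching ACCEPT rule)
iptables -A INPUT -s 47.83.131.134 -j DROP
# nftables: assumes an existing "inet filter" table with an "input" chain
nft add rule inet filter input ip saddr 47.83.131.134 drop
```
```nginx
# nginx: configuration directive (http, server, or location context), not a shell command
deny 47.83.131.134;
```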
### WAF Integration
- Cloudflare WAF: Block rule recommended with expression `ip.src eq 47.83.131.134`
- AWS WAF: Add IP 47.83.131.134/32 to blocked address list
Monitoring Priority: Medium
While current threat indicators are absent, the historical DNSBL listings and prior threat flags warrant continued monitoring. The single SSH service presents potential exploitation vectors if the host is compromised.
## Assessment
This IP demonstrates moderate risk characteristics with historical threat associations but no current active indicators. The moderate risk score (40) combined with DNSBL listings and historical threat observations suggests the address should be blocked or monitored at the perimeter. The clean neighborhood context indicates this is likely an isolated incident rather than part of a larger compromised subnet.
Priority: Medium
Action: Block or monitor based on organizational threat tolerance policies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Field | Value |
|---|---|
| Organization | Alibaba Cloud LLC |
| ASN | AS45102 |
| Network Name | - |
| CIDR Block | - |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
## DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Unknown: insufficient routing data to classify |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | |

| Field | Value |
|---|---|
| Closed Ports | 25, 80, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | - |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
## TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 6 |
| routing | 8% | 1 | 1 |
| services | 20% | 2 | 3 |
| ownership | 20% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 30% | 2 | 3 |
| Overall | 24% | 10 | 19 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid
## Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-08 23:18:40 UTC |
| Last Seen | 2026-06-26 18:12:24 UTC |
| Profile Built | 2026-06-27 10:55:36 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 54 |