IOC Radar
IP · Medium · Signal 48/100

47.238.128.246

Location
United States
Hong Kong, Kowloon
ASN
AS45102
Alibaba Cloud - HK
First Seen
Jul 5, 2024
Last Seen
Jun 6, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

52 techniques

Network Information

Country: US (United States)
Region: Hong Kong, Kowloon
ASN: AS45102
Organization: Alibaba Cloud - HK

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 20
Confidence score: 48%

Activity Timeline

1 total obs
Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
[Heatmap: activity by day, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 20
First seen: Jul 5, 2024
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Hong Kong, Kowloon
ASN: AS45102
Org: Alibaba Cloud - HK
Coords: 22.3193, 114.1690
IP Category: Proxy, VPN

VirusTotal

Not checked

WHOIS

description
proxy-proxy_http search result.
raw
inetnum: 47.0.0.0 - 47.255.255.255
netname: IANA-NETBLOCK-47
descr: This network range is not allocated to APNIC.
descr:
descr: If your whois search has returned this message, then you have
descr: searched the APNIC whois database for an address that is
descr: allocated by another Regional Internet Registry (RIR).
descr:
descr: Please search the other RIRs at whois.arin.net or whois.ripe.net
descr: for more information about that range.
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
remarks: For general info on spam complaints email [email protected].
remarks: For general info on hacking & abuse complaints email [email protected].
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-APNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2008-09-04T06:51:28Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 20 threat reports