Check an IP Address, Domain Name, Subnet, or ASN

47.238.111.183 was found in our database!

$ whois 47.238.111.183

country·🇭🇰 Hong Kong

city·Hong Kong

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 47.238.111.183scoring →

confidence

88%Very High

first_seen·Mar 31, 2026

last_seen·1h ago

sessions·82

events·82

$ sikker protocols 47.238.111.183

SIP

34 / 34

HTTPS

14 / 14

MONGODB

13 / 13

IMAP

10 / 10

RDP

5 / 5

FTP

2 / 2

HTTP

2 / 2

MSSQL

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 47.238.111.183

47.238.111.183 has a threat confidence score of 88%. This IP address from Hong Kong (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 82 honeypot sessions targeting SIP, HTTPS, MONGODB, IMAP, RDP and 4 other protocols. First observed on March 31, 2026, most recently active April 2, 2026.

$ sikker behaviors 47.238.111.183catalog →

mediumRdp Legacy Plaintext Authentication Attempt1x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

lowElastic Service Validation And Index Enumeration1x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 47.238.111.183

elastic_http_get_request4 ftp_user_probe2 http_method_get2 ftp_list_directory2 ftp_set_ascii_mode2 ftp_print_working_directory2 ftp_enter_extended_passive_mode2 https_path_root1 ftp_help_request1 elastic_root_path_probe1 ftp_feature_list_request1 elastic_cat_indices_enumeration1 rdp_legacy_plaintext_authenthication1

$ sikker related 47.238.111.183

🇭🇰·More threats fromHong Kong→AS·More threats fromAlibaba US Technology Co., Ltd.→SIP·More threats targetingSIP→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→IMAP·More threats targetingIMAP→RDP·More threats targetingRDP→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→MSSQ·More threats targetingMSSQL→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
47.83.223.245	83%	6,903
8.210.28.151	88%	163,820
43.99.92.13	82%	546
47.243.151.182	73%	111
43.110.32.33	97%	247

IP Address	Confidence	Events
47.83.223.245	83%	6,903
8.210.28.151	88%	163,820
43.99.92.13	82%	546
47.243.151.182	73%	111
172.110.223.65	97%	6,821