Check an IP Address, Domain Name, Subnet, or ASN

47.242.20.42 was found in our database!

$ whois 47.242.20.42

country·🇭🇰 Hong Kong

city·Hong Kong

isp·Alibaba US Technology Co., Ltd.

asn·AS45102

network·Standard

$ sikker risk 47.242.20.42scoring →

confidence

96%Very High

first_seen·Mar 23, 2026

last_seen·just now

sessions·95

events·95

$ sikker protocols 47.242.20.42

SIP

25 / 25

RDP

20 / 20

IMAP

20 / 20

HTTPS

14 / 14

FTP

4 / 4

TELNET

4 / 4

RTSP

3 / 3

DOCKER

3 / 3

HTTP

2 / 2

$ sikker summary 47.242.20.42

47.242.20.42 has a threat confidence score of 96%. This IP address from Hong Kong (AS45102, Alibaba US Technology Co., Ltd.) has been observed in 95 honeypot sessions targeting SIP, RDP, IMAP, HTTPS, FTP and 4 other protocols. First observed on March 23, 2026, most recently active March 24, 2026.

$ sikker behaviors 47.242.20.42catalog →

mediumRdp Legacy Plaintext Authentication Attempt4x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

mediumRtsp Stream Attempt Minus Teardown1x

Client performs a full RTSP interaction sequence — OPTIONS, DESCRIBE, SETUP, and PLAY — indicating an attempt to initialize and access a media stream. This pattern reflects active interaction with a streaming service rather than simple probing, and is commonly seen when automated tools or unauthorized clients try to view exposed camera or RTSP feeds.

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 47.242.20.42

docker_get_method9 ftp_user_probe4 ftp_list_directory4 ftp_set_ascii_mode4 ftp_print_working_directory4 ftp_enter_extended_passive_mode4 rdp_legacy_plaintext_authenthication4 ftp_session_quit3 docker_list_containers_endpoint3 rtsp_setup2 rtsp_options2 rtsp_describe2 http_method_get2 ftp_help_request2 ftp_feature_list_request2 sip_call_id_alphanumeric_entropy2 rtsp_play1 https_path_root1

$ sikker related 47.242.20.42

🇭🇰·More threats fromHong Kong→AS·More threats fromAlibaba US Technology Co., Ltd.→SIP·More threats targetingSIP→RDP·More threats targetingRDP→IMAP·More threats targetingIMAP→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→TELN·More threats targetingTELNET→RTSP·More threats targetingRTSP→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
43.119.33.143	85%	13,478
47.239.252.212	100%	593
8.210.28.151	88%	147,555
8.216.133.44	97%	3,879
47.243.183.198	100%	760

IP Address	Confidence	Events
172.110.223.95	60%	131
172.110.223.48	98%	692
112.120.49.14	50%	401
172.110.223.64	98%	16,912
103.30.41.231	100%	927