Check an IP Address, Domain Name, Subnet, or ASN

47.251.93.227 was found in our database!

Confidence Level

92%

Very High?

Geolocation

🇺🇸

United States

ISPAlibaba US Technology Co., Ltd.

ASNAS45102

Activity Timeline

First seenJan 24, 2026, 12:40 AM

Last seen8h ago

First reportedMar 3, 2026, 05:10 AM

Last reported3d ago

115Sessions

674Events

1Reports

Protocol Breakdown

HTTPS

41 / 541

HTTP

20 / 35

IMAP

11 / 21

REDIS

10 / 20

POSTGRES

9 / 18

FTP

8 / 11

TELNET

7 / 11

MONGODB

2 / 9

MSSQL

6 / 6

SMB

1 / 2

47.251.93.227 has a very high threat confidence level of 92%, originating from United States, on the Alibaba US Technology Co., Ltd. network (45102). It has been observed across 115 sessions targeting HTTPS, HTTP, IMAP, REDIS, POSTGRES and 5 other protocols, First observed on January 24, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Redis Service Fingerprint Enumeration

low5x

Identifies Redis service discovery and basic environment enumeration where an actor probes with invalid commands, validates availability using PING, retrieves server metadata via INFO (case variations), and gracefully exits with QUIT. This pattern is commonly used to fingerprint exposed Redis instances before exploitation.

Redis Automated Service Fingerprinting Sequence

low5x

Identifies an automated Redis service probing sequence consisting of PING, INFO (uppercase invocation), execution of a deliberately nonexistent command to assess error handling behavior, and QUIT. This tightly grouped pattern reflects reconnaissance and fingerprinting activity used by scanners and exploitation frameworks to determine Redis version, configuration details, and command availability prior to follow-on exploitation attempts. The inclusion of a nonexistent command indicates capability probing rather than normal client interaction.

Http Root Path Request

info6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Https Path Root246 Http Method Get9 Redis Ping5 Redis Quit5 Redis Info Uppercase5 Redis Nonexistent Command5 Http Path Bad Request3 Mongodb Ismaster2

User Reports

1 report from 1 contributor

Date	Category	Protocol	Comment
Mar 3, 2026	Brute Force	FTP	SikkerGuard: 2 blocked packets

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromAlibaba US Technology Co., Ltd.HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP IMAPMore threats targetingIMAP REDISMore threats targetingREDIS POSTGRESMore threats targetingPOSTGRES FTPMore threats targetingFTP TELNETMore threats targetingTELNET MONGODBMore threats targetingMONGODB MSSQLMore threats targetingMSSQL SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
47.238.238.18	90%	21,488
47.84.17.50	75%	3
47.253.5.130	98%	440
8.215.38.113	85%	41
8.209.246.104	96%	135

IP Address	Confidence	Events
92.118.39.63	100%	22,019
104.243.45.20	100%	44,713
167.94.138.184	30%	2,407
20.221.72.95	68%	100
104.23.245.66	2%	16