{
    "ai_summary": "The IP address **47.84.196.31** is assigned to **Alibaba (US) Technology Co., Ltd.** (AS45102), geolocated to Singapore, and presents a **Medium** risk (score: 32). This rating is driven by its listing in two threat intelligence feeds (**FireHOL Level 3** and **IPsum**) and a single **honeypot interaction** within the last 48 hours. The OSINT sources checked do not flag it as malicious or as a proxy, VPN, or Tor node, and no DNSBL that responded lists it (one lookup timed out). The port scan found **port 22 (SSH) open** on the host itself, which is common and exposes the host to routine scanning, but is not by itself an indicator of malicious use. Because the evidence is limited to the two feed listings and one honeypot event, and cloud-hosted addresses can be reassigned between tenants, the recommended action is to **monitor** this IP for further suspicious connections rather than implement an immediate block.",
    "collected_at": "2026-05-26 14:14:53 UTC",
    "dnsbl": {
        "b.barracudacentral.org": {
            "status": "not listed"
        },
        "bl.spamcop.net": {
            "status": "not listed"
        },
        "blacklist.woody.ch": {
            "status": "not listed"
        },
        "cbl.abuseat.org": {
            "status": "not listed"
        },
        "combined.abuse.ch": {
            "status": "not listed"
        },
        "combined.rbl.msrbl.net": {
            "status": "not listed"
        },
        "dnsbl.cyberlogic.net": {
            "status": "not listed"
        },
        "dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "drone.abuse.ch": {
            "status": "not listed"
        },
        "dul.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "dul.ru": {
            "status": "not listed"
        },
        "dynip.rothen.com": {
            "status": "not listed"
        },
        "http.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "images.rbl.msrbl.net": {
            "status": "not listed"
        },
        "ips.backscatterer.org": {
            "status": "not listed"
        },
        "korea.services.net": {
            "status": "not listed"
        },
        "misc.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "noptr.spamrats.com": {
            "status": "timeout"
        },
        "ohps.dnsbl.net.au": {
            "status": "not listed"
        },
        "omrs.dnsbl.net.au": {
            "status": "not listed"
        },
        "osps.dnsbl.net.au": {
            "status": "not listed"
        },
        "osrs.dnsbl.net.au": {
            "status": "not listed"
        },
        "owfs.dnsbl.net.au": {
            "status": "not listed"
        },
        "pbl.spamhaus.org": {
            "status": "not listed"
        },
        "phishing.rbl.msrbl.net": {
            "status": "not listed"
        },
        "probes.dnsbl.net.au": {
            "status": "not listed"
        },
        "proxy.bl.gweep.ca": {
            "status": "not listed"
        },
        "rbl.interserver.net": {
            "status": "not listed"
        },
        "rdts.dnsbl.net.au": {
            "status": "not listed"
        },
        "relays.bl.gweep.ca": {
            "status": "not listed"
        },
        "relays.nether.net": {
            "status": "not listed"
        },
        "residential.block.transip.nl": {
            "status": "not listed"
        },
        "ricn.dnsbl.net.au": {
            "status": "not listed"
        },
        "smtp.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "socks.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "spam.abuse.ch": {
            "status": "not listed"
        },
        "spam.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "spam.rbl.msrbl.net": {
            "status": "not listed"
        },
        "spam.spamrats.com": {
            "status": "not listed"
        },
        "spamrbl.imp.ch": {
            "status": "not listed"
        },
        "t3direct.dnsbl.net.au": {
            "status": "not listed"
        },
        "ubl.lashback.com": {
            "status": "not listed"
        },
        "ubl.unsubscore.com": {
            "status": "not listed"
        },
        "virus.rbl.jp": {
            "status": "not listed"
        },
        "virus.rbl.msrbl.net": {
            "status": "not listed"
        },
        "web.dnsbl.sorbs.net": {
            "status": "not listed"
        },
        "wormrbl.imp.ch": {
            "status": "not listed"
        },
        "xbl.spamhaus.org": {
            "status": "not listed"
        },
        "zen.spamhaus.org": {
            "status": "not listed"
        },
        "zombie.dnsbl.sorbs.net": {
            "status": "not listed"
        }
    },
    "fqdn": "47.84.196.31",
    "honeypot": {
        "configured": true,
        "count": 1,
        "found": true,
        "ip": "47.84.196.31",
        "status": "ok",
        "time_range": "48h"
    },
    "ip": "47.84.196.31",
    "osint": {
        "asn": "AS45102",
        "city": "",
        "country": "Singapore",
        "country_code": "SG",
        "latitude": 1.3667,
        "longitude": 103.8,
        "malicious": false,
        "malicious_sources": [
        ],
        "organization": "Alibaba US Technology Co., Ltd.",
        "proxy": false,
        "proxy_sources": [
        ],
        "ptrrecords": [
        ],
        "region": "",
        "timezone": "Asia/Singapore",
        "tor": false,
        "tor_sources": [
        ],
        "vpn": false,
        "vpn_sources": [
        ]
    },
    "portscan": [
        {
            "banner": "",
            "port": 22,
            "service": "SSH"
        }
    ],
    "risk_label": "Medium",
    "risk_score": 32,
    "risk_summary": "47.84.196.31 \u2014 Risk: Medium (32/100). Risk factors: 2 URL feed(s) listed (FireHOL Level 3, IPsum); honeypot activity (1 event in the last 48h).",
    "summary": {
        "dnsbl_checked": 51,
        "dnsbl_listed": 0,
        "listed_on": [
            "FireHOL Level 3",
            "IPsum"
        ],
        "total_listed": 2,
        "url_feed_entries_total": 5067777,
        "url_feeds_checked": 39,
        "url_feeds_listed": 2
    },
    "tlscert": {
    },
    "traceroute": [
        {
            "addr": "172.17.0.1",
            "addr_type": "Private",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 1,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.03
        },
        {
            "addr": "169.254.169.254",
            "addr_type": "Private",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 2,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.43
        },
        {
            "addr": "100.100.100.1",
            "addr_type": "Reserved",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 3,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.38
        },
        {
            "addr": "10.78.1.161",
            "addr_type": "Private",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 4,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.86
        },
        {
            "addr": "10.78.2.13",
            "addr_type": "Private",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 5,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.57
        },
        {
            "addr": "10.78.2.6",
            "addr_type": "Private",
            "asn": "",
            "city": "",
            "country": "",
            "country_code": "",
            "hop": 6,
            "is_destination": false,
            "latitude": null,
            "longitude": null,
            "org": "",
            "region": "",
            "rtt_ms": 0.45
        },
        {
            "addr": "47.84.196.31",
            "addr_type": "Public",
            "asn": "AS45102",
            "city": "",
            "country": "Singapore",
            "country_code": "sg",
            "hop": 31,
            "is_destination": true,
            "latitude": 1.3667,
            "longitude": 103.8,
            "org": "Alibaba US Technology Co., Ltd.",
            "region": "",
            "rtt_ms": null
        }
    ],
    "url_feed_entry_counts": {
        "Abuse.ch Feodo Tracker": 5,
        "Abuse.ch Feodo Tracker Aggressive": 7607,
        "Abuse.ch SSLBL": 0,
        "AlienVault": 609,
        "Binary Defense": 1206,
        "Blocklist.de All": 23896,
        "Blocklist.de Apache": 8783,
        "Blocklist.de Bots": 2673,
        "Blocklist.de Postfix": 13589,
        "Blocklist.de SIP": 39,
        "Blocklist.de SMTP": 13589,
        "Blocklist.de SSH": 4924,
        "Blocklist.de StrongIPs": 292,
        "BlocklistDE": 668,
        "CINS Army": 15000,
        "DShield 1d": 28,
        "Emerging Threats botcc": 1651,
        "EmergingThreats": 516,
        "Etnetera Aggressive": 452,
        "Feodo": 516,
        "FireHOL Abusers 1d": 4087,
        "FireHOL Abusers 30d": 136663,
        "FireHOL Anonymous": 2246409,
        "FireHOL Level 1": 4452,
        "FireHOL Level 2": 17849,
        "FireHOL Level 3": 13654,
        "FireHOL Level 4": 81359,
        "FireHOL Proxies": 2240581,
        "FireHOL Webclient": 334,
        "Greensnow": 5952,
        "IPsum": 122699,
        "Mirai Tracker": 0,
        "Spamhaus DROP": 1610,
        "Spamhaus EDROP": 0,
        "StopForumSpam Toxic": 56,
        "Team Cymru Full Bogons": 2939,
        "Tor Exit Nodes": 1278,
        "Tor Exit Nodes Fallback": 1278,
        "VoIPBL": 90534
    },
    "url_feeds": {
        "Abuse.ch Feodo Tracker": "not listed",
        "Abuse.ch Feodo Tracker Aggressive": "not listed",
        "Abuse.ch SSLBL": "not listed",
        "AlienVault": "not listed",
        "Binary Defense": "not listed",
        "Blocklist.de All": "not listed",
        "Blocklist.de Apache": "not listed",
        "Blocklist.de Bots": "not listed",
        "Blocklist.de Postfix": "not listed",
        "Blocklist.de SIP": "not listed",
        "Blocklist.de SMTP": "not listed",
        "Blocklist.de SSH": "not listed",
        "Blocklist.de StrongIPs": "not listed",
        "BlocklistDE": "not listed",
        "CINS Army": "not listed",
        "DShield 1d": "not listed",
        "Emerging Threats botcc": "not listed",
        "EmergingThreats": "not listed",
        "Etnetera Aggressive": "not listed",
        "Feodo": "not listed",
        "FireHOL Abusers 1d": "not listed",
        "FireHOL Abusers 30d": "not listed",
        "FireHOL Anonymous": "not listed",
        "FireHOL Level 1": "not listed",
        "FireHOL Level 2": "not listed",
        "FireHOL Level 3": "listed",
        "FireHOL Level 4": "not listed",
        "FireHOL Proxies": "not listed",
        "FireHOL Webclient": "not listed",
        "Greensnow": "not listed",
        "IPsum": "listed",
        "Mirai Tracker": "not listed",
        "Spamhaus DROP": "not listed",
        "Spamhaus EDROP": "not listed",
        "StopForumSpam Toxic": "not listed",
        "Team Cymru Full Bogons": "not listed",
        "Tor Exit Nodes": "not listed",
        "Tor Exit Nodes Fallback": "not listed",
        "VoIPBL": "not listed"
    },
    "whois": {
        "abuse_email": "intl-abuse@list.alibaba-inc.com",
        "cidr": "47.74.0.0/15, 47.76.0.0/14, 47.80.0.0/13",
        "country": "US",
        "created": "2017-04-26",
        "ip_range": "47.74.0.0 \u2013 47.87.255.255",
        "netname": "AL-3",
        "org": "ALIBABA-CN-NET - Alibaba (US) Technology Co., Ltd., CN",
        "registrar": "",
        "status": "active",
        "updated": "2017-04-26"
    }
}