52.204.121.99 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 52.204.121.99. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1005 - Data from Local System, T1010 - Application Window Discovery, T1027 - Obfuscated Files or Information, T1033 - System Owner/User Discovery, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110 - Brute Force, T1114.002 - Remote Email Collection, T1114 - Email Collection, T1129 - Shared Modules, T1176 - Browser Extensions, T1210 - Exploitation of Remote Services, T1213 - Data from Information Repositories, T1218 - Signed Binary Proxy Execution, T1408 - Disguise Root/Jailbreak Indicators, T1421 - System Network Connections Discovery, T1422 - System Network Configuration Discovery, T1427 - Attack PC via USB Connection, T1428 - Exploit Enterprise Resources, T1429 - Capture Audio, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel, TA0011 - Command and Control, TA0030 - Defense Evasion

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS14618 amazon.com inc.
  • Noticed: 9 times
  • Protocols Attacked: SSH
  • Countries Attacked: Bangladesh, Malaysia, United States of America

Open Ports Detected

443 80
