52.216.96.162 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 52.216.96.162. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 43/100
Host and Network Information
Mitre ATT&CK IDs: T1046 - Network Service Scanning, T1566 - Phishing, TA0011 - Command and Control
Tags: aaaa, acceptranges, admitad meta, a domains, alerts, alive, all scoreblue, all search, amazons3, apache, apple, as14061, as197068 hll, as199386 zilore, as24940 hetzner, as26347, as29182 jsc, as3175 filanco, as3209 vodafone, as32244 liquid, as3320 deutsche, as3326, as44066, as44273 host, as58061 scalaxy, as59711 hz, as61400, as701 verizon, as7922 comcast, as9009 m247, asn as59711, authenticode, av detections, belarus unknown, best current, body, body doctype, center hr, certificate, china unknown, chrome, cloudfront, cname, code, communicating, connection, content length, contentlength, copy, cor cura, creation date, customer, cyber threat, cyprus unknown, date, date sat, delete, dga, dns, DNSpionage, dns resolutions, domain, domain names, dos executable, dropper, encrypt, entries, etpro, executable, expiration date, exploit kit, facebook, filehash, files, fileversion, for privacy, france unknown, generic, generic windos, germany unknown, global, gmt content, gmt contenttype, gmt etag, gmt expires, gmt path, gmt server, head body, header x64, hostname, html head, html public, http, httponly, iana, iana special, icann, icmp traffic, ids detections, ietf, info compiler, internet, ios, ip address, ip asn, ipv4, italy unknown, java, legal abuse, location united, malware, markmonitor, maxage2592000, maxage86400, medium, meta, meta http, mey, moved, msie, ms windows, name md5, name servers, net192, net1920000, nethandle, network, network_icmp, next, non dsp, os2 executable, otx scoreblue, otx telemetry, paris, passive dns, path, pe32 executable, please refer, pragma, present jan, privilege escalation, products, productversion, pulse pulses, pulse submit, putty, record value, redacted for, redirect, referrer, registrar, related nids, resolutions, reverse dns, russia unknown, scan endpoints, screenshot, script domains, script urls, search, server, server amazons3, set cookie, sexkompas, sha256, show, showing, spain unknown, spyware, status, thawte, thawte code, title, 
title error, tracking, trojan, twitter, type, type name, unique, united, united kingdom, unknown, url analysis, url http, url https, urls, virgin islands, virtualalloc, vs2005, vs2008, vs2008 sp1, w3cdtd html, whitelisted, whois whois, win16 ne, win32, win32 exe, write, x adblock, xcache miss, yara detections
- Country: United States
- Network:
- Noticed: 4 times
- Protocols Attacked: SSH
- Countries Attacked: Chile, China, France, Germany, Netherlands, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 1 b09220f49c164e39a9d6b9647b376cd31fd3693d9796f6122b7744cb53d61d1e
Open Ports Detected
Whois Information
- NetRange: 52.192.0.0 - 52.223.191.255
- CIDR: 52.223.0.0/17, 52.208.0.0/13, 52.222.0.0/16, 52.216.0.0/14, 52.223.128.0/18, 52.220.0.0/15, 52.192.0.0/12
- NetName: AT-88-Z
- NetHandle: NET-52-192-0-0-1
- Parent: NET52 (NET-52-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Amazon Technologies Inc. (AT-88-Z)
- RegDate: 2015-09-02
- Updated: 2020-09-24
- Ref: https://rdap.arin.net/registry/ip/52.192.0.0
- OrgName: Amazon Technologies Inc.
- OrgId: AT-88-Z
- Address: 410 Terry Ave N.
- City: Seattle
- StateProv: WA
- PostalCode: 98109
- Country: US
- RegDate: 2011-12-08
- Updated: 2024-01-24
- Comment: All abuse reports MUST include:
- Comment: * src IP
- Comment: * dest IP (your IP)
- Comment: * dest port
- Comment: * Accurate date/timestamp and timezone of activity
- Comment: * Intensity/frequency (short log extracts)
- Comment: * Your contact details (phone and email)
- Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
- Ref: https://rdap.arin.net/registry/entity/AT-88-Z
- OrgRoutingHandle: IPROU3-ARIN
- OrgRoutingName: IP Routing
- OrgRoutingPhone: +1-206-555-0000
- OrgRoutingEmail: aws-routing-poc@amazon.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
- OrgRoutingHandle: ARMP-ARIN
- OrgRoutingName: AWS RPKI Management POC
- OrgRoutingPhone: +1-206-555-0000
- OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
- OrgAbuseHandle: AEA8-ARIN
- OrgAbuseName: Amazon EC2 Abuse
- OrgAbusePhone: +1-206-555-0000
- OrgAbuseEmail: trustandsafety@support.aws.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
- OrgNOCHandle: AANO1-ARIN
- OrgNOCName: Amazon AWS Network Operations
- OrgNOCPhone: +1-206-555-0000
- OrgNOCEmail: amzn-noc-contact@amazon.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
- OrgTechHandle: ANO24-ARIN
- OrgTechName: Amazon EC2 Network Operations
- OrgTechPhone: +1-206-555-0000
- OrgTechEmail: amzn-noc-contact@amazon.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN