52.218.40.4 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 52.218.40.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country: Ireland
• Network: AS16509 amazon.com inc
• Noticed: 1 times
• Protocols Attacked: SSH
• Passive DNS Results: login.mycloudhospitality.com torucloud.com susanmacfarlane.com swcloud.nl www.battlefield-chess.com mpscric.xyz bytelaboratory.com mangoshop.com fredkelly.net spotlinker.net curvelogic.biz andreacfm.com cesan.org mobstitialtag.com transformtalnt.com landa-function.com www.magnet-cloud.com wellington-real-estate.net www.primitivezone.com monzo.bingo yabo777.live verisk.co.uk bailareneldesierto.com hub4subs.com sky-exchange.live mjbet.co.uk statics.agps-staging.twonav.com www.skicka.money www.ukhoziagri.com multistrategyfunds.ie sarkar247.com bjcricket.live betbarter.xyz resplendo.com dmacoustics.com parktechnology.com bkulruns.xyz maxiruns.xyz careermapper.io sky-exchange.com agiletude.com xsightfuturesolutions.com livetvgmbh.de maza-play.com gskyexh.com mazaplay.online crickzoom.live enterfair.com 9wickets.com dollarexc.com digital-services.pl icebook365.com www.fanvid.co.uk eaglefair23.com ujjawal.tk luckyexch.xyz jbasoftware.com www.devincere.com timscully.co.uk saudaexchange.com rtmark.net andreas-mathilde.com skyexchange247.com crickex.co te-collinson.com hypeapp.co primaerp.com www.canvaupgrade.store 6ball.exchange walletid365.com elpriser.dasoji.net wirewax.tv clinicianplus.co.uk email.hub-box.com mycollectioncare.com viltcotechnologies.com smashupxxx.com mam888.xyz skyfair.site lnexch.xyz skyfair.vip centuryexch.com skyexchange.biz exczone.com matchbook247.com sevenexch.com kuber777.com anmolexch.xyz appasports.com skyexchange.land sky247.pro www.geomapsblog.com skyexchange.center skygamess.com railmiles.me insurello.com investmnt-world.s3-website-eu-west-1.amazonaws.com cricketbook.exchange mostacha.com circle777.com yum.swivelsecure.net start.sonjas-essentials.de inb888.xyz maciejmalek.com tablan.net macsetup.int.sap fr-nixulabs.com binkaur.xyz gicfg.com simonsoft.se dashdisplay.de ecobowland.live gymforless.com www.sangbleu.com jp.testtraded.theoption.com suninplay.com icebug.pt laskupro.fi pbrencv.com code-60n.com hipstershop.test.ventx.de docs.bitexen.com 248bruns.co eddystone.kontakt.io 4dj.us appathon.tv 6ball.com carfactorymotos.es data.kakapo.co 777bpipl.live ads.quotendo.de fallback.playtech-installer.com im-ignv1.ziffdavisinternational.com modomail.modomoto.de mib.isdi.es skyexch11.com thejillem.com bajicricket.com ijshub.nl docs.telenordigital.com freezemembership.co.uk webservices.nl advanceprf.com s3-website-eu-west-1.amazonaws.com redefine.co.uk offerzen.com qudini.com oceanbook1.com skyexc.com ybsport.net mazaplay.com impactps-study.com 1cdo-gu.net ciaranwhitty.com waldhaus-app.ch dev.mediktiv.com puvyxil.com connect.thirdbridge.com landerlab.xyz santillana.gal stampix.nl

Malware Detected on Host

Count: 72 b254512d65bdca6bf251d812273231112e8421ed88068ffd1da468a11a652e55 c27eda83a250cff2b49aa51db228cd00d8e704b870d77eb1bcfd210d3e1555be 2cb0e396ac9c6a0faa49fc11b5313c70af11a355224d1b1cd354c216c379c044 8481874ec55e543357ef232682d6d718020af780cf451692da4b7b123f4e6c1d a0624e78b995d12aae5119ef9d7d213d0bf54238d35da3bf6da5759d29bd5268 d2f68f0e7d1292b2d74b6470a9d1533769219e38fa4b31c70a0f0ff3e719669c b4608e2bd9e3c828b25006cca74464996f59a7b946ae7d492bdb487b5efa91f9 d870c2d3ec69c00bec9a1e887934a0f58d25a2f7797c59a076dcd18a25b8aa26 47a595b03c081ba5d338c7f2c5b652879805c576ab4a1108c3e27ac98fd3ed90 961c5224cd1c4dda6c6e52f0466ffa9eba8d4e3ed01dbc6bd801d00d1ce805ac

Open Ports Detected

80

Map

Whois Information

• NetRange: 52.192.0.0 - 52.223.191.255
• CIDR: 52.192.0.0/12, 52.223.128.0/18, 52.223.0.0/17, 52.216.0.0/14, 52.222.0.0/16, 52.220.0.0/15, 52.208.0.0/13
• NetName: AT-88-Z
• NetHandle: NET-52-192-0-0-1
• Parent: NET52 (NET-52-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2015-09-02
• Updated: 2020-09-24
• Ref: https://rdap.arin.net/registry/ip/52.192.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2024-01-24
• Comment: All abuse reports MUST include:
• Comment: * src IP
• Comment: * dest IP (your IP)
• Comment: * dest port
• Comment: * Accurate date/timestamp and timezone of activity
• Comment: * Intensity/frequency (short log extracts)
• Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

Links to attack logs

****** ****** ******