52.22.138.222 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 52.22.138.222 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 57/100
Host and Network Information
-
Mitre ATT&CK IDs: T1012 - Query Registry, T1021 - Remote Services, T1035 - Service Execution, T1046 - Network Service Scanning, T1047 - Windows Management Instrumentation, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1083 - File and Directory Discovery, T1112 - Modify Registry, T1119 - Automated Collection, T1140 - Deobfuscate/Decode Files or Information, T1179 - Hooking, T1181 - Extra Window Memory Injection, T1215 - Kernel Modules and Extensions, T1547 - Boot or Logon Autostart Execution, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration
-
Tags: access type, active, added active, admin city, a domains, adversaries, allocates rwx, antivm network, apanas, ascii text, attack, babylon, bad traffic, body, borland delphi, city, ck id, click, code, com laude, copy, copyright, country, create, createfilew, creation date, crlf line, cve, data, date, dead host, deletes self, delphi generic, desktop, destination, dnssec, domain, email, empty hash, encrypt files, entries, entropy, error, et info, et trojan, evader, execution, exe nolookup, expiration date, false, fbo registrant, filehashmd5, filehashsha1, files, file type, flag, france france, general, generic, genericread, genericwrite, germany germany, get babylon, get reloaded, global, gmt flag, gnu message, hkeyclassesroot, hkeycurrentuser, host, hostile, hostname add, how many, http header, hybrid, icons library, informative, inject, installs, intel, ip address, ipv4, ipv4 add, learn, levelblue, limited dba, link library, llc name, ltd dba, maas, malicious, malware, md5 code, members, mirai, mitre att, modules, money doc, monitor, msie, ms windows, mtb mar, mtb oct, name tactics, network icmp, next, next associated, nomiq, organization, os2 executable, overlay, packer entropy, passive dns, path, pe32, pe32 compiler, pe32 executable, pe features, persistence, pe unknown, png image, policy sslv3, poodle attack, port, postal code, post reloaded, privacy admin, privacy billing, privacy service, privacy tech, proxy wpad, pulse pulses, python, ransom, redacted for, reevil, registry, regopenkeyexa, regopenkeyexw, regsetvalueexw, related pulses, remote, resource name, rgba, role title, russsian data, search, server, service, show, showing, stateprovince, strings, success, super node, suspicious, tags, target, tcp traffic, tools, triton, trojan, type indicator, ukraine ukraine, united, united kingdom, unknown, unknown cname, unknown ns, url http, url https, urls, viet nam, virtualallocex, virustotal, webview, win16 ne, win32, win32 dynamic, win32 exe, windows, windows nt, write, x11 snf
-
View other sources: Spamhaus VirusTotal
- Country: United States
- Network:
- Noticed: 5 times
- Protocols Attacked: web
- Countries Attacked: United States of America
- Passive DNS Results: apigw-global-gsratesheetservice.uat1.greensky.com
Similar IP Addresses Detected
52.22.117.241 52.22.146.95 52.22.60.110 52.22.64.124 52.22.87.224
Map
Whois Information
- NetRange: 52.0.0.0 - 52.79.255.255
- CIDR: 52.0.0.0/10, 52.64.0.0/12
- NetName: AT-88-Z
- NetHandle: NET-52-0-0-0-1
- Parent: NET52 (NET-52-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Amazon Technologies Inc. (AT-88-Z)
- RegDate: 1991-12-19
- Updated: 2024-02-05
- Comment: Geofeed http://ip-ranges.amazonaws.com/geo-ip-feed.csv
- Ref: https://rdap.arin.net/registry/ip/52.0.0.0
- OrgName: Amazon Technologies Inc.
- OrgId: AT-88-Z
- Address: 410 Terry Ave N.
- City: Seattle
- StateProv: WA
- PostalCode: 98109
- Country: US
- RegDate: 2011-12-08
- Updated: 2026-04-17
- Comment: All abuse reports MUST include:
- Comment: * src IP
- Comment: * dest IP (your IP)
- Comment: * dest port
- Comment: * Accurate date/timestamp and timezone of activity
- Comment: * Intensity/frequency (short log extracts)
- Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
- Ref: https://rdap.arin.net/registry/entity/AT-88-Z
- OrgRoutingHandle: IPROU3-ARIN
- OrgRoutingName: IP Routing
- OrgRoutingPhone: +1-206-555-0000
- OrgRoutingEmail: aws-routing-poc@amazon.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
- OrgRoutingHandle: ARMP-ARIN
- OrgRoutingName: AWS RPKI Management POC
- OrgRoutingPhone: +1-206-555-0000
- OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
- OrgTechHandle: ANO24-ARIN
- OrgTechName: Amazon EC2 Network Operations
- OrgTechPhone: +1-206-555-0000
- OrgTechEmail: amzn-noc-contact@amazon.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
- OrgDNSHandle: DNS1131-ARIN
- OrgDNSName: DNS
- OrgDNSPhone: +1-202-555-0000
- OrgDNSEmail: ipmanagement+dns@amazon.com
- OrgDNSRef: https://rdap.arin.net/registry/entity/DNS1131-ARIN
- OrgNOCHandle: AANO1-ARIN
- OrgNOCName: Amazon AWS Network Operations
- OrgNOCPhone: +1-206-555-0000
- OrgNOCEmail: amzn-noc-contact@amazon.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
- OrgAbuseHandle: AEA8-ARIN
- OrgAbuseName: Amazon EC2 Abuse
- OrgAbusePhone: +1-206-555-0000
- OrgAbuseEmail: trustandsafety@support.aws.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
Links to attack logs
cfglobal-web-bruteforce-ip-list-2026-06-29
Share on: