52.220.244.242 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 52.220.244.242 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 27/100

Host and Network Information

• Mitre ATT&CK IDs: T1547 - Boot or Logon Autostart Execution

• Tags: 10252, 135deg, 15px, 180deg, 255a, 409764, accept, adfunction, agent, ahlin bjerrome, albania, android, animation, apache, areasmodule, arial, armenia, array, ascio, ascio domains, ascio partner, backspace, baskerville, bcdiefguxx, belarus, bind, blin, body, boolean, burkina, burma, chad, checker, child, christmas, class, click, close, closure library, code, constructor, cont, contact, context, copyright, createclass, cuba, czech, d67a60, date, dehu, deleted, diefg, domdata, duip, en de, error, facebook, fail, false, fill, flip, flip direction, float32array, form, format, forwardref, function, fwir, fz5i, g8m7ft2s1tv, ganda, generator, getclass, github, global whois, gondi, green, harmony, hello, helvetica neue, hexchars, hide, hlwq, hooks, htmlcollection, htmlelement, hyper island, icelandic, idns, indonesia, infinity, init, insert, inter, internal, invert, join today, json, julian garnier, l420, launcher, login en, look, lookback, lucia, martin, matrix, meta, mexico, middle, minecraft, mit license, natb, next, nfunction, noscroll, null, number, object, panama, paraguay, param, partner, pass, path, pcnd, phonenumber, portal, promise, prop, property, pseudo, push, python, qnull, read, redemption, reduceright, regexp, rockn, ruby, scale, script, scroll, shadowsizzle, shift, skew, skip, slave, slice, slovakia, small, source, spinkit, spotify, sprintf, ssnull, stop animation, string, strong, super, suspense, symbol, syntaxerror, tbh0, this, tlds, tlds offered, tobias, tobias ahlin, trident, trim, typeerror, typeof, typeof c, typeof define, typeof e, typeof f, typeof module, typeof n, typeof s, typeof symbol, typeof t, uint8array, ukraine, union, unknown, updater, uruguay, valr, vhyj, video, view, view project, void, weakmap, widget, width, wrap, x7am, xdfunction, zulu

• JARM: 40d40d40d00000000043d40d40d43d684d61a135bd962c8dd9c541ddbaefa8

• View other sources: Spamhaus VirusTotal

• Country: Singapore
• Network: AS16509 amazon.com inc
• Noticed: 1 times
• Protocols Attacked: SSH
• Passive DNS Results: anmige.com netlify.cdn.qsim.top taghub.app yzzpan.com www.yzzpan.com 14trees.org imejin.co.jp loan-kansai.com www.ygd2jk6u.tk expnect.co.jp langland.co.uk toyohasi-ni-koyoyo.com katafangaisland.com www.katafangaisland.com rohitraj.dev ksk.works projectx.studiographene.xyz saintmax.sg www.saintmax.sg www.patrickphat.com patrickphat.com from8to8.at.tw finallykycaml.com root-for-yzzpan.yunzhongzhuan.com intereviews.com cdn-static-www.yunzhongzhuan.com www.chenheng.site chenheng.site pearik.com www.pearik.com nightthoughtreport.net torico-daisen.com rikson.net www.yunzhongzhuan.com rossacode.net guxuerui.cn yunzhongzhuan.com hitori-atelier.com brand-lift.jp monotein.com viz4x.info toyama-ramen-guide.com iroatume.com taghub.dev www.taghub.dev rizi.tokyo www.bonnie.pink taghub.ml www.asiprecision.co.th asiprecision.co.th eneglobal.jp kesennuma-nodoka.com jumboly.co.jp www.kickinghorsecoffeecoldbrew.com browxin.com yutohayashi.site sourcecraft.jp oxnylab.com yo-hair.com ushiji.online merclimb.jp apia-meer-music.com randcompany.jp 3594note.info xiaomengk.com annotation-guide.devstage.ai thegoodlife.farm shimoju.org www.outpostindustries.com pingendo.com pc.yunzhongzhuan.com root.yunzhongzhuan.com donaldchea.com leo60228.space expfrom.me simple-it-life.com m-chain.me www.bathandwell.com xanderx.com mmconsult.com lionsharesound.com opossum.me asuntomessut.fi a-agency.co.jp manzelmag.com noisedao.xyz asm-design.work ogwmnm.me typelights.com hype.enterprises floppafarm.com consaid.us sbstjn.com ones.studio rio-matras.com reaqta.cloud moul.io pacifices.cloud www.kingfisher.fun mypayday.africa mekepon.com ardenecorporate.com webcode.tools www.covid19-nagano.info covid19-nagano.info unnamed.co karwan93.xyz www.karwan93.xyz lykke.com ctrltab.io ooo-polyter.ru n-s.tokyo lapagaiedaure.com valix.com.br duanejeffers.com ciencia.cafe kelvin9314.work 2022etmoi.fr kokroze.lv westernfetish.eu.org eazyblack.ga tmp.bio www.armoodbaku.az yohputra.my.id permitsvictoria.com.au wasatayem.com sparanoid.moe hearty.app synoro.ch frontend-conf.fukuoka.jp pensant.me tastycuisine228.com clickandcollect.nz autosubcreator.com grocial.io about.seller.bikehub.app kaisermann.me cacheclick.com monoline.io autolinksexchanger.com instantgagnanthusqvarnagooglehome.fr offre-surligneur2022.fr wbydo.com bambus.io anugrahakerala.com bando.consulting fluid-design.co.jp forwardxp.com oikos.exchange speedscanner.org unleashedbrewing.com asbloom.me sakura-naganuma.co.jp jkwoodconstruction.com cryptomaan.eu tkdalsgks.me libertywines.online egatry.com adsgrader.com memeinsider.com concreteazoresltd.com gdc.network tradelink.dev sakurazaka46.tokyo stearsdata.com duluxvalentine-monoffrepromo-leroymerlin.fr 44kikun.net atlantic-hivermalin.fr vecteursante40anssatoriz.fr clinicians.wheel.health conermurphy.com achocafe.com bootcamp.sa www.opencage.net dcapital.jp browserparrot.com snap.dev grmarks.com henrycarter.co.uk nirantak.dev color-information.website skinclinic.care gatherd.media bigclown.cz sww.moe nstam.gr jmjones.ca annedenanneye.org lencr.org ciccarelli.dev evileval.tk karbonhq.com canberra.com.au bayesfox.com 3littledudes.com lucas-audenard.com ssdf.io arnofps.com socialmindspodcast.com feals.com langland.com.au zhanchi.org starseller.shop 8ito9.com.br tiktoklibrary.tk musicbucket.cloud plantslog.com menolaklupa.org uiblend.com letsencrypt.org impala-inc.jp airfestival21.ch bodymechanics.es centralyze.com javascriptanywhere.net aharooms.asia risingart.co.jp mo-fu.org danrice.net terminal.black www.haehnel.xyz graessle.com kadai-no-fusen.site www.euphoria.tokyo.jp somuriengineer.com cross-chop.jp mokuo.me dev-life.jp sorekiyu.jp www.tmp.bio realinternetman.com freefactory.club shikaku.or.jp kumono-name.com techeten.xyz kaitak-sales.jp kips.jp knockmitten.com kami-tabi.jp www.techvisionus.com bench.jp fallsintoatechcoma.com pomme-pomme.net tomoyatanaka.site lets-jisui.com cdn1.orii.xyz u-can.pro cybertransporters.com www.inagaki.in lol-engineering.com sawara-inae.com backham.me dncngrl.com hatamaru.com siiibo.jp shirayu.net minify.info hakustudio.com msconstellation.jp flace.link hakodate-shataikyo.com provemind.co.jp tx1ee.cc opentown.jp 28-nikki.com nakodo.love nantokapress.com 2.o.me.cdn.cloudflare.net yohak.design www.langland.co.uk imfrom.tokyo cpa-koga.com career-yokocho.com www.rubellum.jp c2c-eng.co.jp www.cc1.co.jp cc1.co.jp tege.work renaca.jp gudako.net www.xiobb.vip moolike-stock.com leenzhu.com umizaruya.com bbqtranspit.com xiobb.vip blog.xiobb.vip pekopeko-portal.com hachimoku.net www.shaozhang.info shaozhang.info online.salon ninzi.top kyou-umi.jp oiwakeshika.com armall.info versailles.work mizuo.org hitonowa.co.jp maison-orange.com adaptive-icon-tester.nabettu.com cornerstoneoutsource.com vstecssingapore.com alby.co.jp tenswing.com hodohodo-study.com kanazawa6syoutengai-genki.com ventura-jp.com catifox.xyz 9bordencoffee.com 8ma4y.me www.smileblog.top make-some-noise.site blog.xiobb.com www.xiobb.com xiobb.com echo.co.jp lp-department.com mop-fujisawa.net frontworks.dev zhangjunbo.org foresuke.site thinkrec.com urls.jp moolike-movie.com creato-c.jp techtricks.in qinfo.tokyo silencer.inc laviejo.com leo-tanishige.site kei-shop.jp econnectcom.com nichicoma.co.jp arieal.co.jp parislife.net hd.bankers.co.jp nichireifoods-hokuriku-campaign.com w-dribble.com puzzb.com nocono.net inagaki.in astero.work tsurusho-dosokai.com amuyikam.work kohakuen.jp revion.art miche-illustrator.com yourwellnessinbalance.com mokajima.com moonmeetsmoon.com 1mile-design.com elixi.co notari24.com docs.nabettu.com jagpotato.com www.sorekiyu.jp food-truck-bonappetit.com axxxm.site fxos.org hackjpn.com fabon.info dev.kotaro.blog kotaro.blog www.kotaro.blog goodhope-photo.com cospa-ranking.com oi-tech.blog morani-m.com ponkichi.info shumpei-profile.site udon.online integral.sflabo.com rebuild-bootcamp.jp ksk001100.com sflabo.com chikaraishi.org tempi.co.jp loop-inc.com asaburo.com gakushucho.ninja xaquinel.com brdr.jp kuni.tech hanakoto.jp diveintohacking.com e-maison.co testdayone20210507.cloud bkhd.co.jp esakiyuki.site frontend-conf.okinawa.jp legal-tech.co.jp blog.nabettu.com toku-daisy.blue jyushinendo.site hrkmtsmt.com mz32.dev kitsumcheng.com www.kitsumcheng.com sqrie.jp subscone.com bathandwell.com sekka.blog bkhd-kyoei.co.jp wucf.me phpcon-sendai.net mgtnsn.com blog.moikilo00.xyz web.bikehub.app doyaji-ecshop.com masterslabo.com elbon.jp hayashibe.jp 7rpn.net aoimichelle.me noelani.work mailelei-hayama.com hikawarhythm.do-jin.net gogridsome.work fifty-four.rocks ralacode.com claves.co.jp m-c-z-k.online test22.orz.at grnt2.net wurzeit.com syomi-neverland.club noauto-nolife.com frontendev.net codelabo.com twilist.nabettu.com ribbit.icu xn–7dv14b.com kazuharuigarashi.com www.kips.jp yoshikiito.net sawweb.work djduct.com xinglihuan.com kohsuk.tech johnykei.net desna.tech macho-cms.com arniseko.info cqc.jp cerebro.iiitv.ac.in cerebro.iiitvadodara.ac.in sakabamotoki.com ropeace.jp csv2json.jp pool-inc.com corbs.co.jp tonipo.com yabai.work tohlab.net kazetachinu.com sport-information.com roanavi.com hikiroom.site dials.style loud-world.net www.btcmix.mywire.org btcmix.mywire.org rubellum.jp studio-surume.com sawara-mirai-unga.com

Malware Detected on Host

Count: 1 b8a146284e8abf867ed86ff6cc4ee44648e47c7e857d5d2e5e52219c4b43f935

Open Ports Detected

443 80

Map

Whois Information

• NetRange: 52.192.0.0 - 52.223.191.255
• CIDR: 52.220.0.0/15, 52.223.128.0/18, 52.216.0.0/14, 52.208.0.0/13, 52.192.0.0/12, 52.222.0.0/16, 52.223.0.0/17
• NetName: AT-88-Z
• NetHandle: NET-52-192-0-0-1
• Parent: NET52 (NET-52-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2015-09-02
• Updated: 2020-09-24
• Ref: https://rdap.arin.net/registry/ip/52.192.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2024-01-24
• Comment: All abuse reports MUST include:
• Comment: * src IP
• Comment: * dest IP (your IP)
• Comment: * dest port
• Comment: * Accurate date/timestamp and timezone of activity
• Comment: * Intensity/frequency (short log extracts)
• Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• NetRange: 52.220.0.0 - 52.221.255.255
• CIDR: 52.220.0.0/15
• NetName: AMAZON-SIN
• NetHandle: NET-52-220-0-0-1
• Parent: AT-88-Z (NET-52-192-0-0-1)
• NetType: Reallocated
• OriginAS: AS16509
• Organization: Amazon Data Services Singapore (ADSS-3)
• RegDate: 2015-12-10
• Updated: 2015-12-10
• Ref: https://rdap.arin.net/registry/ip/52.220.0.0
• OrgName: Amazon Data Services Singapore
• OrgId: ADSS-3
• Address: Bedok Central Post Office
• Address: PO Box 482
• City: Singapore
• StateProv:
• PostalCode: 049481
• Country: SG
• RegDate: 2015-12-09
• Updated: 2019-08-02
• Ref: https://rdap.arin.net/registry/entity/ADSS-3
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN

Links to attack logs

****** ****** ******