52.222.149.54 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 52.222.149.54 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 1 times
• Protocols Attacked: SSH
• Passive DNS Results: na.hoover.ctps.amazon.dev traceplay.tv tissueregenixwoundcare.com surgipure.us orthopure.co.uk dcelltechnology.org orthopure.us surgipure.co.uk tissueregenixcardiac.co.uk trxcardiac.com trxwoundcare.com dcelltechnology.com trxwoundcare.co.uk tissueregenixcardiac.com tissueregenixwoundcare.co.uk trxorthopaedic.co.uk b.neodatagroup.com ryanfellner.mortgagemapp.com auckland.mortgagemapp.com www.masteryconnect.com mobile-api.newscyclemobile.com config-msdk.freshchat.com cs.regicom-ebusiness.com st4t1c.com account.sanomaservices.nl cdn.raygun.io dptr.distiltag.com content.viaplay.se t.kctag.net cdn.exelator.com www.express.co.uk d1ivexoxmp59q7.cloudfront.net www.slotdigital.com istros-digital.com get.enomenalco.club cdn.sailthru.com build.mintwax.party d19o643lxir6wy.cloudfront.net a53a98c5107bfab3462e00a0b21075475.profile.fra53.cloudfront.net d1ujqdpfgkvqfi.cloudfront.net d7x5nblzs94me.cloudfront.net update-cloud.i.360overseas.com d1culzimi74ed4.cloudfront.net a5f65f3bdfaacb1a6798ee0970fbe76e6.profile.fra53.cloudfront.net d2l41m2ytk8l79.cloudfront.net d1187ob8iohqnz.cloudfront.net d1wb0ukcj65cfk.cloudfront.net d3giikteahxfyn.cloudfront.net www.spgq.qc.ca d18lhfxtyyykhi.cloudfront.net d2lsjit0ao211e.cloudfront.net d32ijn7u0aqfv4.cloudfront.net d2jgdr38yjw0vl.cloudfront.net 123contactform.com d16hr9n7t75k58.cloudfront.net d2kvnxnf3vozsu.cloudfront.net d2ujtq42bkofat.cloudfront.net 247tracking.net daglcc8g9kel9.cloudfront.net d2sbzxv292w5q3.cloudfront.net d2fx04kwp3nj1s.cloudfront.net d26hmzyhgjlf2a.cloudfront.net d3n8a8pro7vhmx.cloudfront.net d3ne98tsa22s99.cloudfront.net statics.wired.it d314q6hkw4pzj6.cloudfront.net d1izghwuiqcg9p.cloudfront.net d3kbpyz29rzfjb.cloudfront.net d2ojan1m6bk4x1.cloudfront.net d30camiptqroq.cloudfront.net d335luupugsy2.cloudfront.net d2pbdkmf8b7jzc.cloudfront.net d39r81p4kuiahq.cloudfront.net d3oj02ytca5lv9.cloudfront.net dkwt41b6so0ba.cloudfront.net d2q2vj97dnynxw.cloudfront.net dsw1e6vxqxp82.cloudfront.net d1w71f984k656h.cloudfront.net d277m2chftdx18.cloudfront.net d18rn0p25nwr6d.cloudfront.net d2imjp01y2qig5.cloudfront.net d1c6f3vdhdr2kr.cloudfront.net d1oliwtejxh3jf.cloudfront.net clean.mobile87.com dqy4vd0hn5wo9.cloudfront.net d20riqtwul82ne.cloudfront.net d15hs6h0yw1scw.cloudfront.net d7xl8cjljj83x.cloudfront.net cci.production.investis.com d16oc15frjt76r.cloudfront.net amlin-plc.production.investis.com d2a0u4kw67v2r6.cloudfront.net d2ouvy59p0dg6k.cloudfront.net d3pa4xcf10sh05.cloudfront.net aamal-v2.production.investis.com d1c7k2cj4v6ik5.cloudfront.net d1qf2k0e9n7syj.cloudfront.net d1o7fw3g3fes3.cloudfront.net d2b65g5byunokk.cloudfront.net d12ux77lb7w3wh.cloudfront.net d3qm0vl2sdkrc.cloudfront.net antivirusams.mobile82.com d1iq7pbacwn5rb.cloudfront.net d2rhganuh50oo0.cloudfront.net d17gg2mx4v8o5d.cloudfront.net d2nck5wnz9hphu.cloudfront.net dph3kccpbigca.cloudfront.net d2ujdp3bol06y9.cloudfront.net d2jhuj1whasmze.cloudfront.net du5qo9zpurkjr.cloudfront.net androidappsftw.xyz d1o3blknv6u29r.cloudfront.net maybeyouwin.website dyno3mlj15jgv.cloudfront.net d1gahxamcuu9d3.cloudfront.net d8j7fd4gsmlrh.cloudfront.net d9lhxyivbnow1.cloudfront.net antivirus.mobitool.info d3713d27pqkbs5.cloudfront.net d2drx6n2xb0i5r.cloudfront.net d5nxst8fruw4z.cloudfront.net d1h8ctfgn173yl.cloudfront.net d2mkcjylj1gvhc.cloudfront.net d3lx5qxvlt4opm.cloudfront.net d1echjoy2b2zhr.cloudfront.net d3rgq3t184uj2h.cloudfront.net d3m8xbnjdqwzw0.cloudfront.net d1pg43ots40sgg.cloudfront.net d1lek0pyypo7am.cloudfront.net www.bestvideoplayer312.com d2h6t3minphanl.cloudfront.net d2hhyarrvfefvk.cloudfront.net djwuyusf46z6j.cloudfront.net d341lr8fna0r0b.cloudfront.net d3lcoqnjqy33nu.cloudfront.net www.thedirectfreemy50.com d1t653m828c3x8.cloudfront.net d1jrqqyoo3n46w.cloudfront.net

Malware Detected on Host

Count: 30 aa735b81bd98080d33970f2dd0379765bdb6ed943b5945ea392556da0cdc2769 c438d6247d80853782204a3be2d04329556cb52e4218a247c653f1fa888aa78d 1ada0ee5012b7e5473e0ddc096930ade2d71dbda321f3c80bf756e8787a69c9f 0eb74b895f961de90312a600449497633201f17eb77517ba2eceb3a0e4ce7eda 46032b84410046ba6f7fb5852df479e979f48e6abc0983afbbc9861478171a08 9caf7fba3c589c3455ab7429d44e5d4ec9a3b4328d2e54096000ab9c8bad4f07 02afa27fbf39f714923e79abfeb3028ac19650d5a790ce7bdb09ed90a5f71e20 d774b6451517279ba1443992a44d1e6415afabdcbcaf51a39747f788e5166524 e645e09aa6d79e30f112e862032626203afc7df939ce88e49954336a37f880ba a2b08c6d4561610c1cb1263dbfab49a32feac3ecf6b77b1475c0f61c157821f0

Open Ports Detected

443 80

Map

Whois Information

• NetRange: 52.192.0.0 - 52.223.191.255
• CIDR: 52.216.0.0/14, 52.220.0.0/15, 52.208.0.0/13, 52.223.0.0/17, 52.222.0.0/16, 52.223.128.0/18, 52.192.0.0/12
• NetName: AT-88-Z
• NetHandle: NET-52-192-0-0-1
• Parent: NET52 (NET-52-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2015-09-02
• Updated: 2020-09-24
• Ref: https://rdap.arin.net/registry/ip/52.192.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2024-01-24
• Comment: All abuse reports MUST include:
• Comment: * src IP
• Comment: * dest IP (your IP)
• Comment: * dest port
• Comment: * Accurate date/timestamp and timezone of activity
• Comment: * Intensity/frequency (short log extracts)
• Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: trustandsafety@support.aws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• NetRange: 52.222.128.0 - 52.222.255.255
• CIDR: 52.222.128.0/17
• NetName: AMAZO-CF
• NetHandle: NET-52-222-128-0-1
• Parent: AT-88-Z (NET-52-192-0-0-1)
• NetType: Reallocated
• OriginAS:
• Organization: Amazon.com, Inc. (AMAZON-4)
• RegDate: 2018-05-08
• Updated: 2018-05-08
• Ref: https://rdap.arin.net/registry/ip/52.222.128.0
• OrgName: Amazon.com, Inc.
• OrgId: AMAZON-4
• Address: 1918 8th Ave
• City: SEATTLE
• StateProv: WA
• PostalCode: 98101-1244
• Country: US
• RegDate: 1995-01-23
• Updated: 2022-09-30
• Ref: https://rdap.arin.net/registry/entity/AMAZON-4
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: trustandsafety@support.aws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN

Links to attack logs

****** ****** ******