54.79.36.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 54.79.36.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country: Australia
• Network: AS16509 amazon.com inc
• Noticed: 1 times
• Protocols Attacked: SSH
• Passive DNS Results: uw.rs 36d80d0c.scustomer.sp.ovscdns.com static.test.yashihq.com 36d82046.scustomer.sp.ovscdns.com kumi77.com _policy._domainkey.we7.cc pro.layuicdn.com h5.touronger.com www.blyoo.com tu.blyoo.com reed.mfweb.top kumi168.com www.sharkheng.com kumi888.com logo.cos.domiscc.com 36d80e0e.scustomer.sp.ovscdns.com epost.metalbrother.com 36d812b5.scustomer.sp.ovscdns.com 36d81027.scustomer.sp.ovscdns.com script.himan.top www.we7.cc s.we7.cc bbs.we7.cc 36d809f5.scustomer.sp.ovscdns.com s.wholeecdn.com seller.wholeecdn.com 36d7fcab.scustomer.sp.ovscdns.com 36d7fcaa.scustomer.sp.ovscdns.com www.jingxialai.com ml29.com kumi011.com kumi017.com kumi009.com kumi016.com kumi004.com kumi006.com kumi018.com kumi014.com kumi003.com kumi013.com kumi019.com kumi012.com kumi008.com kumi020.com kumi007.com www.flmjml.com www.landai66.com kumi010.com supay.top 36d80da6.scustomer.sp.ovscdns.com cha.kami11.cn us4ss.data.x-jl.com us3ss.data.x-jl.com openinstall.cc gzjcorange.com 2030dyy.com e336.fun yivian.com fm0topo7.scustomer.sp.ovscdns.com my.blyoo.com 36d7fb6b.scustomer.sp.ovscdns.com abogaherencia.com rc59j.cn my.cefhost.cn a.cos.domiscc.com 36d80e0a.scustomer.sp.ovscdns.com 36d7fb87.scustomer.sp.ovscdns.com zimao.vip syzykeji.cn kumi8.co img.wangsilin.cn f.wholeecdn.com 36d7fc9d.scustomer.sp.ovscdns.com asia.fabernovel.com gcmc.xyz www.ztmanufacture.com wlgjsyxx.com typekuon.com yixin95.cn shtec626.com www.shtec626.com www.dajun0.com dajun0.com t.aies.cn pclub.cc xcx.sourceforest.cn

Malware Detected on Host

Count: 3 649c123d26f3b4da498f594ab7256778f003c8ee86fad9830bb5e3963e7e92d2 38a17b7746206c32573bf5ee87c0f2f90cb8e3dc6d276755c267e660ce5cab18 e21347486736a38ba48f625969d88f44b8f128c358a7285e7d8dccb3a61a3b84

Map

Whois Information

• NetRange: 54.64.0.0 - 54.95.255.255
• CIDR: 54.64.0.0/11
• NetName: AMAZON-2011L
• NetHandle: NET-54-64-0-0-1
• Parent: NET54 (NET-54-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2014-06-20
• Updated: 2021-02-10
• Ref: https://rdap.arin.net/registry/ip/54.64.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2024-01-24
• Comment: All abuse reports MUST include:
• Comment: * src IP
• Comment: * dest IP (your IP)
• Comment: * dest port
• Comment: * Accurate date/timestamp and timezone of activity
• Comment: * Intensity/frequency (short log extracts)
• Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• NetRange: 54.79.0.0 - 54.79.255.255
• CIDR: 54.79.0.0/16
• NetName: AMAZO-ZSYD8
• NetHandle: NET-54-79-0-0-1
• Parent: AMAZON-2011L (NET-54-64-0-0-1)
• NetType: Reallocated
• OriginAS: AS16509
• Organization: Amazon.com, Inc. (AMAZO-4)
• RegDate: 2014-03-21
• Updated: 2021-02-10
• Ref: https://rdap.arin.net/registry/ip/54.79.0.0
• OrgName: Amazon.com, Inc.
• OrgId: AMAZO-4
• Address: Amazon Web Services, Inc.
• Address: P.O. Box 81226
• City: Seattle
• StateProv: WA
• PostalCode: 98108-1226
• Country: US
• RegDate: 2005-09-29
• Updated: 2022-09-30
• Comment: For details of this service please see
• Comment: http://ec2.amazonaws.com
• Ref: https://rdap.arin.net/registry/entity/AMAZO-4
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• NetRange: 54.79.0.0 - 54.79.255.255
• CIDR: 54.79.0.0/16
• NetName: AMAZO-ZSYD8
• NetHandle: NET-54-79-0-0-2
• Parent: AMAZO-ZSYD8 (NET-54-79-0-0-1)
• NetType: Reallocated
• OriginAS: AS16509
• Organization: Amazon Corporate Services Pty Ltd (ACSPL-2)
• RegDate: 2014-07-21
• Updated: 2014-07-21
• Ref: https://rdap.arin.net/registry/ip/54.79.0.0
• OrgName: Amazon Corporate Services Pty Ltd
• OrgId: ACSPL-2
• Address: 400 Harris Street
• Address: Ultimo
• City: Sydney
• StateProv: NSW
• PostalCode: 2006
• Country: AU
• RegDate: 2014-07-18
• Updated: 2014-07-18
• Ref: https://rdap.arin.net/registry/entity/ACSPL-2
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN

Links to attack logs

****** ****** ******