IOC Radar
IPMediumSignal 0/100

44.244.22.128

Location
United StatesUnited States
Portland, Oregon
ASN
AS16509
AWS EC2 (us-west-2)
First Seen
Jun 18, 2025
Last Seen
Jun 9, 2026
Jun 18
First Seen
361d ago
Jun 9
Last Seen
5d ago
3
Reports
source reports
0%
Confidence
medium
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionPortland, Oregon
ASNAS16509
OrganizationAWS EC2 (us-west-2)

Feed Intelligence Summary

3 reports0% confidence
3
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Jun 9Jun 9

Threat Activity Heatmap

· Peak: 2026-06-09
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC) pertains to the IPv4 address `44.244.22.128`, which has been explicitly whitelisted across multiple reputable threat intelligence feeds, including AbuseIPDB Hourly Update and AlienVault Ransomware-Firehol. The associated score of 0.0 further reinforces its benign nature and indicates no malicious activity has been reliably detected. Given these factors, this IOC presents an exceptionally low risk to the organization. There is no evidence suggesting malicious ac…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
3
Reports
First seenJun 18, 2025
Last seenJun 9, 2026
GeolocationUS
CountryUnited States
LocationPortland, Oregon
ASNAS16509
OrgAWS EC2 (us-west-2)
Coords45.5235, -122.6765

VirusTotal

Not checked

WHOIS

description
Warning:Probably fake Windows Update Sigma Rule--DONUTLOADER has been detected (YARA) Steals Growtopia credentials and data (YARA) cont in notesMEDUZA has been detected (YARA) XWORM has been detected (SURICATA) T1555.003 Credentials from Web Browsers (1) Steals credentials from Web Browsers T1552.001 Credentials In Files (1) Steals credentials from Web Browsers T1217 Browser Information Discovery (1) Steals credentials from Web Browsers Warning 9 the rest in comments
raw
Amazon.com, Inc. AMAZO-4 (NET-44-192-0-0-1) 44.192.0.0 - 44.255.255.255 Amazon.com, Inc. AMAZO-ZPDX (NET-44-224-0-0-1) 44.224.0.0 - 44.255.255.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 5 days ago
Appeared in 3 threat reports