# IPDEBRIEF INTELLIGENCE BRIEFING
Target: 44.220.185.194/32
Classification: Moderate Risk (Score: 40/100)
Date: Current Analysis Cycle
Provider: Amazon Web Services, Inc.
---
## EXECUTIVE SUMMARY
The IP address 44.220.185.194 is registered to Amazon Data Services Northern Virginia within the AMAZON-IAD network block (44.192.0.0/11). The endpoint is classified as cloud provider infrastructure with no publicly accessible services. While the IP itself shows moderate risk indicators, its /24 neighborhood demonstrates elevated abuse density, warranting defensive consideration.
---
## INFRASTRUCTURE PROFILE
Ownership & Registration:
- ASN: 14618 (AMAZON-IAD)
- Organization: Amazon Data Services Northern Virginia
- CIDR Block: 44.192.0.0/11
- RIR: ARIN
- Geographic Location: Ashburn, Virginia, United States (39.04°N, 77.49°W)
Network Role:
- Infrastructure Type: Cloud Provider
- Classification: Firewalled/No Services Detected
- Connection Type: Data Center
DNS Resolution:
- PTR Hostname: scanner-44-220-185-194.reposify.net
- Forward Resolution: Confirmed
- Hosted Domain: reposify.net
- Email Authentication: SPF and DMARC records present
---
## THREAT INDICATORS
Direct Threat Signals:
- Blacklist Count: 0
- Tor Exit Node: No
- Known Attacker: No
- Spam Source: No
- Known Campaigns: None identified
Control Plane Analysis:
- DNSBL Listed: 1 of 8 total lists
- Operator Score: 0.2609 (Basic)
- Route Stability: Unstable (isRouteStable: false)
- RPKI State: Not evaluated
---
## NEIGHBORHOOD ASSESSMENT
Subnet: 44.220.185.0/24
Abuse Density: 0.5556 (High Abuse Classification)
Total Siblings: 29 addresses
Risk Distribution in /24:
- High Risk: 0 IPs
- Medium Risk: 10 IPs
- Low Risk: 19 IPs
Notable Neighbors:
- 44.220.185.4, .12, .22, .36, .62, .85, .100, .195, .254: Risk Score 40
- Multiple IPs with Risk Score 25
- Three IPs with Risk Score 0 (.79, .133, .231)
---
## OBSERVATION HISTORY
Recent Activity (June 16, 2026):
- Port scanning activity detected
- Subnet abuse density analysis completed
- Ownership stability confirmed (no changes)
- No persistent malicious activity observed
- Multiple signal observations across threat, routing, services, ownership, reputation, and geolocation dimensions
Temporal Indicators:
- Threat Persistence Days: 0
- Threat Observation Count: 0
- Ownership Changes: 0
- Persistently Malicious: No
---
## RELATIONSHIP MAPPING
DNS Associations:
- scanner-44-220-185-194.reposify.net (multiple records)
Network Associations:
- AMAZON-IAD (44.192.0.0/11)
---
## RECOMMENDED ACTIONS
Based on risk score 40 and neighborhood abuse density, the following defensive measures are recommended:
Firewall Rules:
- iptables: `iptables -A INPUT -s 44.220.185.194 -j DROP`
- nftables: `nft add rule inet filter input ip saddr 44.220.185.194 drop`
- nginx: `deny 44.220.185.194;`
- pfSense: `44.220.185.194/32`
Cloud/WAF Integration:
- Cloudflare WAF: Block with expression `ip.src eq 44.220.185.194`
- AWS WAF: Add `44.220.185.194/32` to allowed/denied list
---
## ANALYST NOTES
This IP represents AWS cloud infrastructure that has been flagged for scanning activity and is part of a high-abuse-density subnet. While the endpoint itself shows no direct malicious indicators, the neighborhood context suggests potential for coordinated scanning or abuse campaigns. SOC teams should monitor for correlation with other medium-risk IPs in the same /24 subnet. The reposify.net hostname association warrants investigation for potential data exfiltration or command-and-control patterns.
---
Generated by: IPDebrief Intelligence Platform
Analysis Complete: Current Session
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Amazon Data Services Northern Virginia |
| ASN | AS14618 |
| Network Name | AMAZON-IAD |
| CIDR Block | 44.192.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | scanner-44-220-185-194.reposify.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | scanner-44-220-185-194.reposify.net |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | | |
| Server | - |
| HTTP Title | - |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 24% | 2 | 2 |
| routing | 17% | 1 | 1 |
| services | 24% | 2 | 2 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 24% | 2 | 2 |
| Overall | 23% | 10 | 12 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership | FCrDNS | Geo Consensus | Geo Plausible | IRR Match | RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-06-09 08:13:36 UTC |
| Last Seen | 2026-06-21 16:06:38 UTC |
| Profile Built | 2026-06-21 16:12:54 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 24 |