## IP INTELLIGENCE BRIEFING
Subject: 44.220.188.220/32
Date: Current
Classification: Moderate Risk
---
EXECUTIVE SUMMARY
IP address 44.220.188.220 is a cloud host operating as a single-service HTTP endpoint under Amazon Web Services infrastructure. The IP exhibits moderate risk characteristics (score: 50/100) with operational presence in the Ashburn, VA data center region. Neighborhood analysis indicates elevated abuse density within the /24 subnet (58.33%), correlating with 21 of 36 sibling IPs flagged as threats.
---
OWNERSHIP & NETWORK CLASSIFICATION
- Provider: Amazon Web Services
- ASN: 14618 (AMAZON-IAD)
- Organization: Amazon Data Services Northern Virginia
- CIDR Block: 44.192.0.0/11
- Geolocation: Ashburn, Virginia, US (39.83°N, -98.58°W)
- Network Type: Cloud/Infrastructure Host
- Classification: Single-Service Host
---
SERVICE PROFILE
- Primary Service: HTTP (TCP/80)
- Server Banner: Reposify
- DNS PTR: scanner-44-220-188-220.reposify.net
- Forward Resolution: Confirmed
- HTTP Status: 200 OK
- Security Headers: HSTS disabled, CSP disabled, Referrer Policy absent
---
THREAT ASSESSMENT
Risk Score: 50/100 (Moderate)
Threat Indicators:
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Blacklist Count: 0
- DNSBL Listings: 2 of 8
- Threat Persistence: None detected
- Campaign Correlation: None
Network Context:
- Subnet abuse density: 58.33% (high_abuse classification)
- Threat sibling count: 21 of 36 total IPs in /24
- Average neighbor risk score: 40/50
- Inherited subnet risk: 23/100
---
OBSERVATION HISTORY
Total Observations: 22 signals recorded
Recent Activity (2026-06-17):
- Port scanning detected (multiple TCP ports probed)
- HTTP service fingerprinting: Reposify server signature
- Geolocation validation: ICMP blocked; distance calculation: 6,312.5 km
- HTTP scanning: Server response time 320ms, HTTP/1.0 protocol
- Content: robots.txt configured with disallow all
- No TLS/SSL certificate deployed
Temporal Analysis:
- Ownership changes: 0
- Threat observation count: 0
- Not classified as persistently malicious
- No significant risk escalation observed
---
ENTITY RELATIONSHIPS
Primary Associations:
- DNS Hostname: scanner-44-220-188-220.reposify.net
- Network: AMAZON-IAD (repeated association)
- No certificate relationships detected
- No organization-level correlation beyond AWS infrastructure
---
SECURITY RECOMMENDATIONS
Risk-Based Mitigation:
Firewall Rules:
```bash
# iptables
iptables -A INPUT -s 44.220.188.220 -j DROP
# nftables
nft add rule inet filter input ip saddr 44.220.188.220 drop
# nginx
deny 44.220.188.220;
# pfSense
44.220.188.220/32
# Cloudflare WAF
{"description":"Block 44.220.188.220 - IPDebrief risk score 50","action":"block","filter":{"expression":"ip.src eq 44.220.188.220"}}
# AWS WAF
{"Addresses":["44.220.188.220/32"],"Description":"IPDebrief risk 50"}
```
Decision Factors:
- Moderate risk score (50) with empty recommendation profile
- High-abuse subnet context may indicate broader infrastructure compromise
- Consider blocking at perimeter with monitoring for false positives
- Reposify hostname suggests automated scanning infrastructure
- Cloud infrastructure location limits mitigation options (AWS-hosted)
---
ANALYST NOTES
This IP operates within a high-abuse AWS subnet with 58% abuse density. While not directly flagged as malicious, the neighborhood context and port scanning activity warrant defensive blocking. The Reposify server signature indicates potential scanning automation infrastructure. Monitor for lateral movement attempts within the 44.220.188.0/24 subnet and correlate with any observed threat actor activity.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration
| Field | Value |
|---|---|
| Organization | Amazon Data Services Northern Virginia |
| ASN | AS14618 |
| Network Name | AMAZON-IAD |
| CIDR Block | 44.192.0.0/11 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |

DNS Intelligence
| Field | Value |
|---|---|
| PTR | scanner-44-220-188-220.reposify.net |
| Forward Confirmed | Yes - FCrDNS verified |
| Forward Hostnames | scanner-44-220-188-220.reposify.net |

DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |

Network Classification
| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Single-Service Host |
| Network Tier | Tier 3 - Basic operator with some routing infrastructure |

Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 443, 3389, 8080, 8443 (1 open / 7 scanned) |
| Server | Reposify |
| HTTP Title | - |

TLS Certificate
| Field | Value |
|---|---|
| SANs | None |
| Valid From | - |
| Valid Until | - |

Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 17% | 1 | 1 |
| services | 35% | 2 | 3 |
| ownership | 35% | 2 | 3 |
| reputation | 17% | 1 | 2 |
| geolocation | 35% | 2 | 3 |
| Overall | 29% | 10 | 15 |

| Field | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-06-16 00:09:10 UTC |
| Last Seen | 2026-06-22 00:02:28 UTC |
| Profile Built | 2026-06-22 00:31:27 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 24 |