13.248.155.104 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 13.248.155.104. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1398 - Modify OS Kernel or Boot Partition, T1399 - Modify Trusted Execution Environment

  • Tags: cyber security, host europe, ioc, malicious, Nextray, phishing, skoruk ua, wnet ua

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: coinbl_hosts, hphosts_emd, hphosts_psh

  • Country: United States
  • Network: AS16509 amazon.com inc
  • Noticed: 34 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 15

Open Ports Detected

443, 80
