13.248.158.159 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 13.248.158.159 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: Nextray, cyber security, ioc, malicious, phishing

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: coinbl_hosts

• Country: United States
• Network: AS16509 amazon.com inc
• Noticed: 23 times
• Protcols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: ns1.sharedhostingsupport.us ns1.eyopolis.biz s12223.com ns1.chopsuwey.com 38851166.com ns1.zerotrust.host 586.com ns1.germany-vps.xyz ns1.rectify-mainaffix.com ns3.idevice-alert.com 38850004.com ns1.speedyserver.xyz ns1.imap-info.com ns1.cheapcourierservice.com ns1.veguetaserver.us ns1.wbpro.xyz ns1.highservershost.com ns1.grapcxm.xyz ns1.proloppe.xyz ns1.hostuk.pw ns1.empezarhoy2022.com ns1.firesolutions2022.com ns1.univberth.com ns1.asosie.store ns1.office365update.live ns1.mainnetsyncbridge.com ns1.motelvisit.com ns1.btctradersinvest.com ns1.westernrollercanaryassociation.org ns1.safetyguardbyhelmet.co.in ns1.lesacq.porits.com ns1.contenttestserver.website ns1.fikrett.com ns1.redefiningafrica.com ns1.cepsex.info ns1.ai-intelhosters.com ns1.brightfuture22.com ns1.smartfuture22.com ns1.indionichost.com ns3.indionichost.com ns1.toppension.org ns1.goldengcc2022.com ns1.2022golden-gcc.com ns1.2022-golden-gcc.com ns1.kadimafuture.com ns909.aquila.it ns1.meghasot.xyz ns1.halasport.com ns1.authenticatewalletaccount.com ns1.cadosphere.ca ns1.updatefinancialbank.us ns1.anonprivatedns.com ns1.royalbkaccess.com ns1.sharedhostingip.us ns3.servermatrix.xyz ns1.servermatrix.xyz ns1.dnscloud8.com ns1.l4cky.com ns1.6745martel.com ns1.fibrefell.net ns1.answers.restricted.minodes.com ns2047.postmates.co ns235221.postmates.co ns457.postmates.co ns337313.postmates.co ns382253.postmates.co ns671.postmates.co ns1051.ww7.rawkube.nettyinternet.com ns173.nettyinternet.com ns429.nettyinternet.com ns391.nettyinternet.com ns1051.ns769.nettyinternet.com ns837.nettyinternet.com ns237.nettyinternet.com ns307.nettyinternet.com ns563.nettyinternet.com ns51.syweb.postmates.co ns795.postmates.co ns819.syweb.postmates.co ns8243.postmates.co ns352047.postmates.co ns516665.postmates.co ns37899.postmates.co ns1.prod.answers.minodes.com ns1.answers.development.minodes.com ns527.syweb.postmates.co ns1.management.answers.minodes.com ns733.node.bkex.io ns669.ns761.bkex.io ns1065.ingress.bkex.io ns669.ns669.bkex.io ns669.trial.bkex.io ns845.repository.bkex.io ns1.gist.answers.minodes.com ns329.api.bkex.io ns761.ann.bkex.io ns1.cloud.answers.minodes.com ns8173.postmates.co ns6521.postmates.co ns1.att.postmates.co ns3306263.postmates.co ns3027399.postmates.co ns335241.postmates.co ns330815.postmates.co ns3047959.postmates.co ns3265565.postmates.co ns3.se.postmates.co ns3010977.postmates.co ns379997.postmates.co ns669.bkex.io ns761.bkex.io ns245.postmates.co ns329.bkex.io ns37.syweb.postmates.co ns733.bkex.io ns1065.bkex.io ns117.bkex.io ns845.bkex.io ns330203.postmates.co ns277.bkex.io ns700027.postmates.co ns365.postmates.co ns63.nasa.com ns01.nasa.com ns1.babesgo.com ns99.info ns1.perf-cloud.com ns111.syweb.postmates.co ns351.syweb.postmates.co ns735.syweb.postmates.co ns1.player1523.com ns1.player1352.com ns3.thepicturehut.net ns1.thepicturehut.net ns1.warminvention.co ns1.clearbasin.online ns1.empressgoldexchange.info ns223.postmates.co ns1.anubis-serverworld.com ns141.postmates.co ns43.postmates.co ns9.hbmypaycard.com ns1.b7websites.net ns01.abnamroprivatebanking.lu ns23.abnamroprivatebanking.lu ns1.player1253.com ns8539.codex.one ns33469.codex.one ns1.unnimcaixa.cat ns1.redhosta.site ns1.myactivity-google.com ns89.com ns1.127-0-0-1.biz ns1.starkasino.org ns1.mcsbe.net ns3.testsubnet.com ns1.testsubnet.com ns1.720p-izle.net ns1.royalways.live ns1.confoederatio.net ns25.flowers4you.space ns21.stream ns1.catfordfilm.org ns1.rexcelsgroup.com ns3.hostasa.org ns1.hostasa.org keys4success.live www.keys4success.live ns1.totallifechangesnews.com ns1.fiddleheadcafe.com ns7.weservstats.com ns1.farzanhost.com xxsq1.xyz ylsav.xyz szzpl.com epfft.com 7080pao7.xyz oauge6.work a40684.work 6auess.work ssss.ee 666.bz b95rvj.work x9vlh5.work v3113v.work om2au2.work lrj5br.work hnlp1h.work ga2qke.work 08eki8.work selulu.me w80t8mfwbvgpwz8a.xyz xdmgcinwtwmbqbaq.xyz g85cxoi41hh65p55.xyz ns1.installusd.online sebaike.com chushuila1.xyz ns1.easy-mcafeecom-activate.com ylsav1.xyz xxsq2.xyz ns1.greenflight.club tfd71x.work sewang.live 9nhxf7.work t1er.xyz pipl.xyz xiyouav.com seboku.xyz chushuila.xyz rere.lu jpd11p.work xiyouav.xyz papase.cc seboku.com chushuila.com ppse-av.site pplu-av.site username.work xingyouneng.com cjjdk.com yinluanse.com xxsequ.com tuerav1.com tuerav.com ssxoxx.com 91yinse.com wuaw6s.work 335nl5.work www.sebaike.xyz wuwuav.com sebaike.xyz uuse.xyz 1a2v.com youwuba.com seboku1.xyz wuwukan1.com sese.cz gaw24a.work nmapp.xyz ns1.visual-translator.xyz ns1.sbvjhs.club ns1.firefox-search.xyz ns1.sbvjhs.xyz ns1.wiki-text.xyz ns1.alreadytrue.com ns1.futureworld.press ns1.golcomnetmuq12eiq.biz ns1.ipchina87-reverse.xyz ns5.solvedhcm.com ns1.kennamarketing.com ns3.armstronghub.com ns1.docsview.us ns3.hausdekoration.cf ns1.wafijo.com ns1.host-guard.com ns103.yahoo-poker-555.info ns1.torunnews24.com ns1.hackerscouncil.com ns21.com ns1.co.nf ns1.hash4.life ns0.dedicatedpool.com ns1.eu.triplemining.com ns1.api.triplemining.com ns0.api.triplemining.com ns0.triplemining.com ns1.dedicatedpool.com ns3.api.triplemining.com ns3.dedicatedpool.com ns3.triplemining.com ns3.sandfestival.co.kr ns1.slightconfirmation-vb.com ns1.prohosta.info ns1.aerospacemuseum.co.kr ns3.bankads.cm ns3.v6nameserver.com ns1.v6nameserver.com ns1.tx.com ns21.vip ns1.website.tk stuffedpickles.com ns1.booki.website.tk ns1.ebooter.com ns1.seoparking.com ns1.winfred.website.tk ns1.kral-telecom.com ns1.letsgrow.me ns1.exgfd7.info ns7.kinderzimmer.top ns21.kinderzimmer.top ns1.salto-web999.com ns11.bang-rey.tk ns01.hostinguer.com ns1.mreds.com ns5.hostinguer.com ns9.hostinguer.com ns21.hostinguer.com ns3.hostinguer.com ns1.juttgandohain.com ns1.kitabacha.com ns1.yputube.fr ns1.vegettaserver.us ns1.freevoicedns.com ns1.parkingcrew.net

Malware Detected on Host

Count: 545 8ab302ce5d60c207b3e80e102c188ef6fef375c3a32a265e47abfef71599c9db 6597311a903867f2721d4832b018ec411b1f13f0261429bbc3d3261db74f6ab2 cdd2d938839f11855d99269836fefc8e0af2283f09a3e5c20bfef19df3e10661 9b56fc3778751ede786fbfdc24b1dbf39acc19e467de1d4f7d4eb483dd0f470b e5331c720146a3a4f13b3afc0aa3fbb86673007de99af09b4e6d87e074b9ee07 6691c368b9316f6fdabb24837816aaeb26bb9b982c7b10316411eddf1ddde9eb 35eee01ebd4ea4961b6fb9595897b0d82362c7ccac9a637f0911107c2c5dcc2b 024585925f3e48f5c52ed018897c9eb5a8029d4b371b49d5c6c26639aa9d4a42 2decec9a5900e1d524a52de60ec05d94005260ea00248a7aa016b35d95451a03 b677e1e54af414fc847005a3fdeeb1fa6c9aab23484564e41b8340a91b88e8ac

Open Ports Detected

53

Map

Whois Information

• NetRange: 13.244.0.0 - 13.251.255.255
• CIDR: 13.248.0.0/14, 13.244.0.0/14
• NetName: AT-88-Z
• NetHandle: NET-13-244-0-0-1
• Parent: NET13 (NET-13-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Amazon Technologies Inc. (AT-88-Z)
• RegDate: 2018-07-11
• Updated: 2021-02-10
• Ref: https://rdap.arin.net/registry/ip/13.244.0.0
• OrgName: Amazon Technologies Inc.
• OrgId: AT-88-Z
• Address: 410 Terry Ave N.
• City: Seattle
• StateProv: WA
• PostalCode: 98109
• Country: US
• RegDate: 2011-12-08
• Updated: 2022-09-30
• Comment: All abuse reports MUST include:
• Comment: * src IP
• Comment: * dest IP (your IP)
• Comment: * dest port
• Comment: * Accurate date/timestamp and timezone of activity
• Comment: * Intensity/frequency (short log extracts)
• Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
• Ref: https://rdap.arin.net/registry/entity/AT-88-Z
• OrgNOCHandle: AANO1-ARIN
• OrgNOCName: Amazon AWS Network Operations
• OrgNOCPhone: +1-206-555-0000
• OrgNOCEmail: amzn-noc-contact@amazon.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
• OrgRoutingHandle: IPROU3-ARIN
• OrgRoutingName: IP Routing
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
• OrgTechHandle: ANO24-ARIN
• OrgTechName: Amazon EC2 Network Operations
• OrgTechPhone: +1-206-555-0000
• OrgTechEmail: amzn-noc-contact@amazon.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
• OrgRoutingHandle: ARMP-ARIN
• OrgRoutingName: AWS RPKI Management POC
• OrgRoutingPhone: +1-206-555-0000
• OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
• OrgAbuseHandle: AEA8-ARIN
• OrgAbuseName: Amazon EC2 Abuse
• OrgAbusePhone: +1-206-555-0000
• OrgAbuseEmail: abuse@amazonaws.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN