13.248.216.40 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 13.248.216.40. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Host and Network Information

  • Country: United States
  • Network: AS16509 Amazon.com, Inc.
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80
  • Tor Node: No
  • Associated Malware Samples: 151

Tags


MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1031 - Modify Existing Service
  • T1036.004 - Masquerade Task or Service
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1068 - Exploitation for Privilege Escalation
  • T1071.001 - Web Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1091 - Replication Through Removable Media
  • T1100 - Web Shell
  • T1105 - Ingress Tool Transfer
  • T1110 - Brute Force
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1156 - Malicious Shell Modification
  • T1185 - Man in the Browser
  • T1410 - Network Traffic Capture or Redirection
  • T1444 - Masquerade as Legitimate Application
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1497 - Virtualization/Sandbox Evasion
  • T1560 - Archive Collected Data
  • T1566 - Phishing
  • T1583.004 - Server
  • T1598 - Phishing for Information
  • T1605 - Command-Line Interface
  • TA0037 - Command and Control

Passive DNS

  • spellcraft.org

Attack Log References

Whois Information

NetRange:       13.244.0.0 - 13.251.255.255
CIDR:           13.244.0.0/14, 13.248.0.0/14
NetName:        AT-88-Z
NetHandle:      NET-13-244-0-0-1
Parent:         NET13 (NET-13-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2018-07-11
Updated:        2021-02-10
Ref:            https://rdap.arin.net/registry/ip/13.244.0.0

OrgName:        Amazon Technologies Inc.
OrgId:          AT-88-Z
Address:        410 Terry Ave N.
City:           Seattle
StateProv:      WA
PostalCode:     98109
Country:        US
RegDate:        2011-12-08
Updated:        2024-01-24
Comment:        All abuse reports MUST include:
Comment:        * src IP
Comment:        * dest IP (your IP)
Comment:        * dest port
Comment:        * Accurate date/timestamp and timezone of activity
Comment:        * Intensity/frequency (short log extracts)
Comment:        * Your contact details (phone and email)
                Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref:            https://rdap.arin.net/registry/entity/AT-88-Z

OrgTechHandle:  ANO24-ARIN
OrgTechName:    Amazon EC2 Network Operations
OrgTechPhone:   +1-206-555-0000
OrgTechEmail:   amzn-noc-contact@amazon.com
OrgTechRef:     https://rdap.arin.net/registry/entity/ANO24-ARIN

OrgRoutingHandle: IPROU3-ARIN
OrgRoutingName:   IP Routing
OrgRoutingPhone:  +1-206-555-0000
OrgRoutingEmail:  aws-routing-poc@amazon.com
OrgRoutingRef:    https://rdap.arin.net/registry/entity/IPROU3-ARIN

OrgNOCHandle:   AANO1-ARIN
OrgNOCName:     Amazon AWS Network Operations
OrgNOCPhone:    +1-206-555-0000
OrgNOCEmail:    amzn-noc-contact@amazon.com
OrgNOCRef:      https://rdap.arin.net/registry/entity/AANO1-ARIN

OrgRoutingHandle: ARMP-ARIN
OrgRoutingName:   AWS RPKI Management POC
OrgRoutingPhone:  +1-206-555-0000
OrgRoutingEmail:  aws-rpki-routing-poc@amazon.com
OrgRoutingRef:    https://rdap.arin.net/registry/entity/ARMP-ARIN

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-555-0000
OrgAbuseEmail:  abuse@amazonaws.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/AEA8-ARIN