15.197.240.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 15.197.240.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or from activity observed on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, the frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1023 - Shortcut Modification, T1036 - Masquerading, T1040 - Network Sniffing, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1119 - Automated Collection, T1129 - Shared Modules, T1204 - User Execution, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1566 - Phishing, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0011 - Command and Control, TA0034 - Impact, TA0040 - Impact

  • Tags:

  • Country: United States
  • Network:
  • Noticed: 9 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Austria, Bahamas, Barbados, Canada, Cayman Islands, China, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania (United Republic of), Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 3084

Open Ports Detected

443, 80

Whois Information

  • NetRange: 15.196.0.0 - 15.200.255.255
  • CIDR: 15.200.0.0/16, 15.196.0.0/14
  • NetName: AT-88-Z
  • NetHandle: NET-15-196-0-0-1
  • Parent: NET15 (NET-15-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Amazon Technologies Inc. (AT-88-Z)
  • RegDate: 2021-01-28
  • Updated: 2022-04-26
  • Ref: https://rdap.arin.net/registry/ip/15.196.0.0
  • OrgName: Amazon Technologies Inc.
  • OrgId: AT-88-Z
  • Address: 410 Terry Ave N.
  • City: Seattle
  • StateProv: WA
  • PostalCode: 98109
  • Country: US
  • RegDate: 2011-12-08
  • Updated: 2024-01-24
  • Comment: All abuse reports MUST include:
  • Comment: * src IP
  • Comment: * dest IP (your IP)
  • Comment: * dest port
  • Comment: * Accurate date/timestamp and timezone of activity
  • Comment: * Intensity/frequency (short log extracts)
  • Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
  • Ref: https://rdap.arin.net/registry/entity/AT-88-Z
  • OrgAbuseHandle: AEA8-ARIN
  • OrgAbuseName: Amazon EC2 Abuse
  • OrgAbusePhone: +1-206-555-0000
  • OrgAbuseEmail: trustandsafety@support.aws.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN
  • OrgRoutingHandle: ARMP-ARIN
  • OrgRoutingName: AWS RPKI Management POC
  • OrgRoutingPhone: +1-206-555-0000
  • OrgRoutingEmail: aws-rpki-routing-poc@amazon.com
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN
  • OrgTechHandle: ANO24-ARIN
  • OrgTechName: Amazon EC2 Network Operations
  • OrgTechPhone: +1-206-555-0000
  • OrgTechEmail: amzn-noc-contact@amazon.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN
  • OrgRoutingHandle: IPROU3-ARIN
  • OrgRoutingName: IP Routing
  • OrgRoutingPhone: +1-206-555-0000
  • OrgRoutingEmail: aws-routing-poc@amazon.com
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN
  • OrgNOCHandle: AANO1-ARIN
  • OrgNOCName: Amazon AWS Network Operations
  • OrgNOCPhone: +1-206-555-0000
  • OrgNOCEmail: amzn-noc-contact@amazon.com
  • OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN