15.197.240.20 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 15.197.240.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Noticed: 9 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Austria, Bahamas, Barbados, Canada, Cayman Islands, China, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 80
  • Tor Node: No
  • Associated Malware Samples: 3084

Tags

  • 443 ma2592000
  • aaaa
  • aaaa nxdomain
  • accept
  • accept accept
  • access ta0006
  • activity dns
  • address
  • address domain
  • a domains
  • agent
  • a h2
  • akamaias
  • akamaiasn1
  • alf features
  • algorithm
  • a li
  • all scoreblue
  • all search
  • amazon02
  • america asn
  • analyzer paste
  • android windows
  • anomalous file
  • a nxdomain
  • apple
  • application
  • as132147
  • as14061
  • as14636
  • as15133 verizon
  • as15169
  • as15169 google
  • as16509
  • as16552 tiggee
  • as16625 akamai
  • as19527 google
  • as20940
  • as21301
  • as21342
  • as29791
  • as3359
  • as36459
  • as396982 google
  • as43830
  • as44273 host
  • as45102 alibaba
  • as48287 jsc
  • as50340
  • as54113
  • as61969 team
  • as62597 nsone
  • as8075
  • as852
  • as9123 timeweb
  • as9808 china
  • ascii text
  • asnone united
  • a td
  • auto-generated security
  • av detections
  • backdoor
  • bad request
  • bigrock
  • binary file
  • body
  • body h1
  • body html
  • body length
  • branches tags
  • brian sabey
  • cape
  • ca valid
  • certificate
  • certificates
  • checkin
  • china
  • china unknown
  • chrome
  • ck id
  • class
  • click
  • cloudflare
  • cloudfront
  • cloud provider
  • cname
  • cnc checkin
  • code
  • code issues
  • code signing
  • compiler
  • contact
  • contacted
  • contained
  • control ta0011
  • copy
  • copyright
  • corporation
  • country
  • create date
  • creation date
  • crowdstrike
  • cryp
  • cuba
  • cus olet
  • cycbot
  • czechia unknown
  • data
  • date
  • date hash
  • default
  • defender
  • defense evasion
  • delete
  • delete c
  • delphi
  • div div
  • dj ai
  • dns replication
  • dns resolutions
  • dnssec
  • domain
  • domainabuse
  • domain name
  • domains domain
  • domains top
  • dongjun jeong
  • dos executable
  • download
  • downloader
  • dynadot
  • dynadot inc
  • dynadot llc
  • dynamic
  • dynamicloader
  • e0e8e
  • emails
  • encrypt
  • encrypt cnr10
  • entries
  • error
  • executable
  • expiration date
  • expiro
  • expiro malware
  • expiry date
  • exploit
  • facebook
  • fadok
  • failure
  • fakedout threat
  • february
  • filehash
  • files
  • file samples
  • files domain
  • files ip
  • files location
  • files matching
  • files related
  • final url
  • first
  • footer
  • form
  • format
  • formbook cnc
  • from
  • g2 tls
  • gandi sas
  • gecko
  • generator
  • generic
  • generic windos
  • geoip
  • germany unknown
  • get updates
  • ghost
  • github
  • github copilot
  • github pages
  • gmt cache
  • gmt content
  • gmt date
  • gmt etag
  • going dark
  • google
  • goog mal
  • headers server
  • head title
  • high
  • historical ssl
  • homepage
  • hostname
  • hostnames
  • http
  • http post
  • http response
  • hybrid
  • icons library
  • ids detections
  • ieedge chrome1
  • impact ta0034
  • impact ta0040
  • incapsula
  • indonesia
  • info
  • info header
  • infosec journey
  • installcore
  • intel
  • internal
  • invalid url
  • iocs
  • ip address
  • ip detections
  • ip traffic
  • ipv4
  • ireland unknown
  • javascript
  • jpn write
  • june
  • kb body
  • key algorithm
  • khtml
  • language
  • level
  • level3
  • levelblue
  • link
  • local
  • malware
  • maze
  • media
  • media center
  • medium
  • memory pattern
  • meta
  • meta name
  • mexico
  • microsoft
  • mini
  • mitre att
  • moved
  • mr windows
  • msie
  • ms windows
  • mtb aug
  • mtb may
  • mtb sep
  • namecheap
  • name md5
  • name servers
  • netherlands
  • NetSupportManagerRAT
  • net technology
  • network
  • next
  • ninite
  • ninite sep
  • noobyprotect
  • notifications
  • number
  • nxdomain
  • observed dns
  • ok server
  • ollydbg
  • open ports
  • os2 executable
  • otx telemetry
  • overlay
  • overview ip
  • partru
  • passive dns
  • path
  • pattern domains
  • pattern match
  • pattern urls
  • pe32
  • pe32 compiler
  • peeringdb
  • phish
  • please
  • possible
  • powershell
  • precondition
  • process32nextw
  • proton
  • public key
  • public url
  • pull
  • pulse pulses
  • pulses
  • pulses none
  • pulse submit
  • python
  • query
  • ransom
  • read c
  • realteck audio
  • record type
  • record value
  • redacted for
  • reference
  • referrer
  • regdword
  • registrar
  • regsetvalueexa
  • related nids
  • related pulses
  • related tags
  • reverse dns
  • robots content
  • rsa sha256
  • russia unknown
  • sameorigin
  • samplepath
  • samples
  • scan endpoints
  • script urls
  • search
  • search otx
  • serial number
  • server
  • servers
  • setup
  • seznam
  • sha1
  • sha256
  • shell
  • show
  • showing
  • show technique
  • sign
  • simda
  • simda cnc
  • size
  • skynet
  • slcc2
  • span
  • span p
  • stack
  • stamping
  • star
  • stars
  • status
  • status code
  • stop
  • strings
  • subdomains
  • su liao
  • suspicious
  • ta0009 command
  • ta0040
  • telecom
  • telper
  • template
  • theme directory
  • thumbprint
  • title head
  • tls handshake
  • trmp
  • trojan
  • trojandropper
  • trojan evader
  • trojan features
  • tsvt
  • ttl value
  • twitter
  • type
  • typo squatting
  • ukraine
  • unique tlds
  • united
  • united kingdom
  • united states
  • unknown
  • update
  • update date
  • url analysis
  • url https
  • urls
  • urls http
  • v3 serial
  • valid
  • validity
  • valid usage
  • verisign time
  • version
  • view
  • virtool
  • vmprotect
  • whois lookup
  • win32
  • win32cve sep
  • win32mydoom sep
  • win64
  • windows nt
  • without referer
  • worm
  • wow64
  • write
  • write c
  • writeups
  • x ua
  • yara detections
  • yara rule
  • zhi pin

MITRE ATT&CK TTPs

  • T1023 - Shortcut Modification
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1060 - Registry Run Keys / Startup Folder
  • T1063 - Security Software Discovery
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1105 - Ingress Tool Transfer
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1204 - User Execution
  • T1547 - Boot or Logon Autostart Execution
  • T1553 - Subvert Trust Controls
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1583 - Acquire Infrastructure
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0006 - Credential Access
  • TA0007 - Discovery
  • TA0008 - Lateral Movement
  • TA0009 - Collection
  • TA0011 - Command and Control
  • TA0034 - Impact
  • TA0040 - Impact

Whois Information

NetRange: 15.196.0.0 - 15.200.255.255 CIDR: 15.200.0.0/16, 15.196.0.0/14 NetName: AT-88-Z NetHandle: NET-15-196-0-0-1 Parent: NET15 (NET-15-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2021-01-28 Updated: 2022-04-26 Comment: -----BEGIN CERTIFICATE-----MIIDnjCCAoYCCQCMCXLBuibPpjANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxlMQwwCgYDVQQKDANBV1MxETAPBgNVBAsMCElkZW50aXR5MRMwEQYDVQQDDApzaWduaW4uYXdzMSwwKgYJKoZIhvcNAQkBFh1hd3MtaWQtc2lnbmluLWNvcmVAYW1hem9uLmNvbTAeFw0yMjA0MjExODEyNDdaFw0yMzA0MjExODEyNDdaMIGQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUxDDAKBgNVBAoMA0FXUzERMA8GA1UECwwISWRlbnRpdHkxEzARBgNVBAMMCnNpZ25pbi5hd3MxLDAqBgkqhkiG9w0BCQEWHWF3cy1pZC1zaWduaW4tY29yZUBhbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OLoxduBX+OJYYmeN1V9WSrohqUuzLeEsRA5TTgyx9IA2rSh8LyoTXiyrlMJfIGO/OE1VOjLMDUXQVoz/YO/CNIss6Iw/NZtLn14RIW/iQ4rS3O+G/ZF91v9IVdiwtPc59mhZfw/vBm/L7zgWJCEMVg/tM04EHmZEOZuodnrjoyPEPihI8qI+PzSYu3JBsZXat8aC7EPmyEcUVfXXu8dcaHm6REbEuB6WU4vCbe303zy9KoA9xbMebr6Hw9Ao/UTTGhAc1tJQD4HdPZwJmt5RMlyEa3jKyEu+YDZrx8Ci617h4KnB3uzOsmjmtbKrErDiw5bluJrZw7Vp2uzxirolQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDYtJyOoj1fUOYjwLyELQnPAfo06/42rktqMOk+bLGK2BYHQzvxFlyBmNl5FzawvOa/auKySgG5ISO7lu29HUMAhIOkD55JWcZu/jkxFFdccQnoezBbVKyEiOfFQJfAgmrNnHlEL587ROO+L+yfAEnJ7BgyBzzzWbaQZhdJd2zHrhAL1cVvQbdXqVPUnFti7A9DfBJ9rQ4GqyIN963AuOHpiberNJbj1ZqNFx72Y4fHAsBRtMdXkG+pxzPnQt5lurfsSFVnVwDr+/Cm1Rx1EyEwjuXZlem1hQb0olALWKtxbh9pyuP5SP1TdHWyI9EA9Y60dPpqGdL0N5nGmUJ7b2Ka-----END CERTIFICATE----- Ref: https://rdap.arin.net/registry/ip/15.196.0.0 OrgName: Amazon Technologies Inc. OrgId: AT-88-Z Address: 410 Terry Ave N. City: Seattle StateProv: WA PostalCode: 98109 Country: US RegDate: 2011-12-08 Updated: 2024-01-24 Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/AT-88-Z OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-555-0000 OrgAbuseEmail: trustandsafety@support.aws.com OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN OrgRoutingHandle: ARMP-ARIN OrgRoutingName: AWS RPKI Management POC OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: aws-rpki-routing-poc@amazon.com OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN OrgTechHandle: ANO24-ARIN OrgTechName: Amazon EC2 Network Operations OrgTechPhone: +1-206-555-0000 OrgTechEmail: amzn-noc-contact@amazon.com OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN OrgRoutingHandle: IPROU3-ARIN OrgRoutingName: IP Routing OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: aws-routing-poc@amazon.com OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN OrgNOCHandle: AANO1-ARIN OrgNOCName: Amazon AWS Network Operations OrgNOCPhone: +1-206-555-0000 OrgNOCEmail: amzn-noc-contact@amazon.com OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN