IOC Radar
IPMediumSignal 0/100

3.137.148.99

Location
United StatesUnited States
Dublin, Ohio
ASN
AS16509
AWS EC2 (us-east-2)
First Seen
May 22, 2025
Last Seen
May 29, 2026
May 22
First Seen
395d ago
May 29
Last Seen
23d ago
16
Reports
source reports
0%
Confidence
medium
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionDublin, Ohio
ASNAS16509
OrganizationAWS EC2 (us-east-2)

Feed Intelligence Summary

16 reports0% confidence
16
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
May 29May 29

Threat Activity Heatmap

· Peak: 2026-05-29
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
16
Reports
First seenMay 22, 2025
Last seenMay 29, 2026
GeolocationUS
CountryUnited States
LocationDublin, Ohio
ASNAS16509
OrgAWS EC2 (us-east-2)
Coords40.0992, -83.1141

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by the Rimba Siber honeypot.
raw
NetRange: 3.128.0.0 - 3.255.255.255 CIDR: 3.128.0.0/9 NetName: AT-88-Z NetHandle: NET-3-128-0-0-1 Parent: NET3 (NET-3-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2018-06-25 Updated: 2018-09-13 Ref: https://rdap.arin.net/registry/ip/3.128.0.0 OrgName: Amazon Technologies Inc. OrgId: AT-88-Z Address: 410 Terry Ave N. City: Seattle StateProv: WA PostalCode: 98109 Country: US RegDate: 2011-12-08 Updated: 2024-01-24 Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/AT-88-Z OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-555-0000 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN OrgRoutingHandle: IPROU3-ARIN OrgRoutingName: IP Routing OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/IPROU3-ARIN OrgRoutingHandle: ARMP-ARIN OrgRoutingName: AWS RPKI Management POC OrgRoutingPhone: +1-206-555-0000 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/ARMP-ARIN OrgNOCHandle: AANO1-ARIN OrgNOCName: Amazon AWS Network Operations OrgNOCPhone: +1-206-555-0000 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN OrgTechHandle: ANO24-ARIN OrgTechName: Amazon EC2 Network Operations OrgTechPhone: +1-206-555-0000 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 23 days ago
Appeared in 16 threat reports