13.58.198.185

{ } JSON 🔧 Full Actions API

🤖 Witness AIThis summary was generated by AI and may contain inaccuracies. Verify critical details independently.

# IPDEBRIEF INTELLIGENCE BRIEFING

Target IP: 13.58.198.185/32

Classification: Moderate Risk (Score: 40)

Date: Current

Status: Active Threat Indicator

---

## EXECUTIVE SUMMARY

IP 13.58.198.185 is a cloud-based EC2 instance hosted by Amazon Web Services (AWS) in Columbus, Ohio. The address has been identified on threat intelligence lists with medium severity ratings. While the IP belongs to AWS infrastructure, its presence on multiple blacklist feeds indicates potential misuse that warrants monitoring or blocking.

---

## NETWORK IDENTIFICATION

Attribute	Value
IP Address	13.58.198.185
ASN	16509 (AMAZON-02)
Organization	Amazon Technologies Inc.
Network	AT-88-Z (13.24.0.0/13)
Location	Columbus, OH, US
Hostname	ec2-13-58-198-185.us-east-2.compute.amazonaws.com
Infrastructure	AWS Cloud (Firewalled/No Services)

---

## THREAT INDICATORS

Risk Score: 40 (Moderate)
Blacklist Status: Listed on 1 of 8 threat feeds
Maximum Severity: Medium
Known Campaigns: None identified
Tor Exit Node: No
Known Attacker: No
Spam Source: No

---

## OBSERVATION HISTORY

Signal monitoring reveals threat list activity with the following timeline:

2026-06-29 03:52: Listed on multiple feeds (8 total) with medium severity
2026-06-21 01:46: Listed on 2 feeds with high severity ratings
2026-06-21 01:57: ASN 16509 confirmation signals
2026-06-29 03:52: ASN 16509 confirmation signals

The IP demonstrates persistent blacklist presence with fluctuating severity levels (high to medium), suggesting ongoing or intermittent abusive activity.

---

## RELATIONSHIP ANALYSIS

DNS Associations: ec2-13-58-198-185.us-east-2.compute.amazonaws.com (verified)
Network Context: AT-88-Z subnet (13.58.198.0/24)
Neighborhood Risk: Subnet classified as "mostly_clean" with 0 active threat siblings detected
Control Plane: BGP origin 13.56.0.0/14 via ASN 16509

---

## SECURITY ACTIONS

Recommended: Block Traffic

The following firewall rules are recommended for immediate implementation:

Platform	Rule
iptables	`iptables -A INPUT -s 13.58.198.185 -j DROP`
nftables	`nft add rule inet filter input ip saddr 13.58.198.185 drop`
nginx	`deny 13.58.198.185;`
pfSense	Add 13.58.198.185/32 to block list
Cloudflare WAF	Block with expression: `ip.src eq 13.58.198.185`
AWS WAF	Add 13.58.198.185/32 to IPSet with action `block`

---

## ANALYST NOTES

1. AWS EC2 Context: This is a cloud-hosted resource. AWS EC2 instances can be compromised by attackers and used for malicious activities.

2. Risk Assessment: The moderate risk score (40) combined with blacklist listings indicates the IP is actively flagged for potential abuse, though the IP itself is legitimate AWS infrastructure.

3. Monitoring Recommendation: While blocking is recommended, maintain awareness that blocking an AWS IP may impact legitimate AWS services if this address has been compromised or misused.

4. No Services Detected: No open ports or active services observed, consistent with AWS firewalled configuration.

---

Report Generated: IPDebrief Intelligence Platform

Data Sources: Multi-signal aggregation (DNS, ASN, geolocation, threat feeds, control plane)

This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

🌍 Geolocation

Country	🇺🇸 United States
Region	OH
City	Columbus
Timezone	America/New_York
Latitude	39.96
Longitude	-83.00

🏢 Ownership & Registration

Organization	Amazon Technologies Inc.
ASN	AS16509
Network Name	AT-88-Z
CIDR Block	13.24.0.0/13
RIR	ARIN
Country	United States
Abuse Contact	Available via RDAP

🌐 DNS Intelligence

PTR	ec2-13-58-198-185.us-east-2.compute.amazonaws.com
Forward Confirmed	Yes — FCrDNS verified
Forward Hostnames	`ec2-13-58-198-185.us-east-2.compute.amazonaws.com`

🔐 DNS Hygiene

Hygiene Score	80% (Excellent)
SPF	Present
DMARC	Present
FCrDNS	Verified
DNSSEC	Valid
CAA	Not configured

☁️ Network Classification

Infrastructure	Infrastructure / Datacenter
Service Purpose	Firewalled / No Services
Network Tier	Hosting — Infrastructure provider without advanced routing

CloudHosting

🔌 Services & Open Ports

Port	Service	Protocol	Banner
No open ports detected

Server	—
HTTP Title	—

🔐 TLS Certificate

🔒

No certificate

Issued by —

N/A

SANs	None
Valid From	—
Valid Until	—

🎯 Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

Dimension	Score	Sources	Observations
threat	35%	2	3
routing	25%	1	1
services	8%	1	1
ownership	27%	2	3
reputation	22%	1	3
geolocation	33%	2	4
Overall	25%	9	15

Coverage: 6/6 dimensions · Data sufficiency: sufficient

Data Coherence	Consistent (100%)
Attribution	Moderate (70%)
	OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid

📅 Observation Timeline 🔄 Live

First Seen	2026-05-27 07:16:35 UTC
Last Seen	2026-06-29 03:52:07 UTC
Profile Built	2026-06-29 03:56:09 UTC
Data Freshness	Live
Signal Types	19
Total Observations	20

🔍 19 signal types · 20 observations collected

This report is generated from 19+ independent intelligence signals including ownership records, DNS analysis, BGP routing, TLS certificates, port scanning, threat feeds, behavioral fingerprinting, and more.
Full dossier details are available via our API.

{ } JSON API 🔧 Actions API 📧 Enterprise Access

ℹ️ About This Report

All data shown is publicly available network metadata — IP addresses do not reliably identify individuals. Assessments are probabilistic and should not be used as sole basis for access control decisions. To report an issue or request data review, contact admin@ipdebrief.com.

13.58.198.185📋 Copy