Confidence Level

66%

High?

Geolocation

🇺🇸

United StatesAshburn

ISPAmazon.com, Inc.

ASNAS14618

Activity Timeline

First seenJan 22, 2026, 10:57 PM

Last seen1h ago

57Sessions

111Events

Protocol Breakdown

HTTPS

29 / 51

HTTP

11 / 25

FTP

4 / 16

ELASTICSEARCH

9 / 11

SSH

2 / 4

DOCKER

1 / 3

RDP

1 / 1

13.218.54.153 has a high threat confidence level of 66%, originating from Ashburn, United States, on the Amazon.com, Inc. network (14618). It has been observed across 57 sessions targeting HTTPS, HTTP, FTP, ELASTICSEARCH, SSH and 2 other protocols, First observed on January 22, 2026, most recently active March 11, 2026.

Behaviors

Classified behavioral patterns observed

Https Root Path Request

info5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Docker Invalid Protocol Probe

info1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

Primitives

Individual actions observed

Elastic Http Get Request9 Elastic Http Bad Request Path Probe9 Https Path Root5 Ftp Auth Ssl4 Ftp Auth Tls4 Http Method Get3 Docker Get Method3 Docker Bad Request Uri3

Related Threats

Explore related threat intelligence

🇺🇸More threats fromUnited States ASMore threats fromAmazon.com, Inc.HTTPSMore threats targetingHTTPS HTTPMore threats targetingHTTP FTPMore threats targetingFTP ELASTICSEARCHMore threats targetingELASTICSEARCH SSHMore threats targetingSSH DOCKERMore threats targetingDOCKER RDPMore threats targetingRDP { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
18.211.190.157	12%	10
44.220.185.58	37%	14
98.80.4.123	37%	56
44.220.185.88	28%	6
100.29.192.78	26%	1

IP Address	Confidence	Events
130.12.180.70	91%	24,771
130.12.180.188	91%	13,619
15.181.1.164	82%	629
130.12.180.71	91%	24,806
130.12.180.44	91%	24,455