Check an IP Address, Domain Name, Subnet, or ASN

18.215.159.152 was found in our database!

$ whois 18.215.159.152

country·🇺🇸 United States

city·Ashburn

isp·Amazon.com, Inc.

asn·AS14618

network·Standard

$ sikker risk 18.215.159.152scoring →

confidence

82%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 14, 2026

last_reported·1d ago

sessions·74

events·116

reports·2

$ sikker protocols 18.215.159.152

HTTPS

49 / 81 / 1r

HTTP

6 / 10 / 1r

ELASTICSEARCH

8 / 8

FTP

4 / 7

RDP

5 / 5

DOCKER

1 / 3

SSH

1 / 2

$ sikker summary 18.215.159.152

18.215.159.152 has a threat confidence score of 82%. This IP address from United States (AS14618, Amazon.com, Inc.) has been observed in 74 honeypot sessions and reported 2 times targeting HTTPS, HTTP, ELASTICSEARCH, FTP, RDP and 2 other protocols. First observed on January 23, 2026, most recently active March 22, 2026.

$ sikker behaviors 18.215.159.152catalog →

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 18.215.159.152

elastic_http_get_request8 elastic_http_bad_request_path_probe8 http_method_get5 ftp_auth_tls4 https_path_root4 docker_get_method3 docker_bad_request_uri3 ftp_auth_ssl2

$ sikker reports 18.215.159.152submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 21, 2026, 18:34	Brute Force	HTTP	SikkerGuard: 6 blocked packets
User	Mar 14, 2026, 18:35	Brute Force	HTTPS	SikkerGuard: 6 blocked packets

$ sikker related 18.215.159.152

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→ELAS·More threats targetingELASTICSEARCH→FTP·More threats targetingFTP→RDP·More threats targetingRDP→DOCK·More threats targetingDOCKER→SSH·More threats targetingSSH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
44.204.70.33	35%	2
3.227.192.235	64%	1,481
18.97.19.148	58%	111
18.97.5.73	31%	59
3.86.245.199	53%	19

IP Address	Confidence	Events
185.150.189.115	100%	17,293
45.33.12.214	74%	1,694
136.109.125.170	78%	277
159.89.88.188	87%	318
173.255.221.189	74%	1,167