Check an IP Address, Domain Name, Subnet, or ASN

18.225.10.29 was found in our database!

$ whois 18.225.10.29

country·🇺🇸 United States

city·Columbus

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 18.225.10.29scoring →

confidence

98%Very High

first_seen·Apr 20, 2026

last_seen·24m ago

sessions·379

events·379

$ sikker protocols 18.225.10.29

MONGODB

174 / 174

RDP

111 / 111

HTTP

37 / 37

HTTPS

25 / 25

MSSQL

20 / 20

RTSP

12 / 12

$ sikker summary 18.225.10.29

18.225.10.29 has a threat confidence score of 98%. This IP address from United States (AS16509, Amazon.com, Inc.) has been observed in 379 honeypot sessions targeting MONGODB, RDP, HTTP, HTTPS, MSSQL and 1 other protocols. First observed on April 20, 2026, most recently active April 20, 2026.

$ sikker behaviors 18.225.10.29catalog →

mediumMongodb Service Discovery And Database Enumeration23x

Remote client performs structured MongoDB reconnaissance by initiating a wire-protocol handshake (ismaster / hello), executing the buildInfo command to obtain server version and build characteristics, and subsequently issuing listDatabases to enumerate all databases present on the instance. This sequence reflects systematic service validation and environment mapping activity commonly associated with automated internet-wide scanning, vulnerability assessment tooling, or pre-exploitation reconnaissance workflows.

infoHttp Http Method Get12x

HTTP request using GET method.

infoHttp Root Path Request12x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe5x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 18.225.10.29

mongodb_listdatabases_command25 mongodb_buildinfo_admin_command25 mongodb_ismaster24 http_method_get23 http_path_bad_request11 https_path_root3

$ sikker related 18.225.10.29

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→MONG·More threats targetingMONGODB→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→MSSQ·More threats targetingMSSQL→RTSP·More threats targetingRTSP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
54.238.147.217	23%	1
54.151.176.0	85%	13,389
3.130.168.2	100%	42,951
16.58.56.214	100%	54,531
18.143.235.216	64%	2,924

IP Address	Confidence	Events
45.79.115.59	93%	2,819
45.79.207.110	87%	2,890
157.254.223.77	95%	3,586
157.254.223.80	95%	3,758
144.172.95.158	100%	7,207