Check an IP Address, Domain Name, Subnet, or ASN

18.97.26.40 was found in our database!

$ whois 18.97.26.40

country·🇺🇸 United States

city·Ashburn

isp·Amazon.com, Inc.

asn·AS14618

network·Standard

$ sikker risk 18.97.26.40scoring →

confidence

57%Medium

first_seen·Jan 21, 2026

last_seen·4d ago

sessions·45

events·67

$ sikker protocols 18.97.26.40

SMTP

18 / 38

HTTPS

21 / 21

MONGODB

1 / 3

FTP

1 / 1

SSH

1 / 1

HTTP

1 / 1

DOCKER

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 18.97.26.40

18.97.26.40 has a threat confidence score of 57%. This IP address from United States (AS14618, Amazon.com, Inc.) has been observed in 45 honeypot sessions targeting SMTP, HTTPS, MONGODB, FTP, SSH and 3 other protocols. First observed on January 21, 2026, most recently active March 14, 2026.

$ sikker behaviors 18.97.26.40catalog →

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoMongodb Buildinfo Fingerprinting1x

Client issues the MongoDB buildInfo command to retrieve detailed server version and build metadata, enabling software fingerprinting and environment profiling. This behavior reflects early-stage reconnaissance commonly performed by automated scanners, vulnerability assessment tooling, or exploitation frameworks to identify MongoDB deployment characteristics and determine suitability for subsequent enumeration or attack activity.

$ sikker primitives 18.97.26.40

smtp_ehlo_greeting4 elastic_http_get_request3 docker_get_method2 ftp_user_probe1 http_method_get1 https_path_root1 ftp_help_request1 ftp_password_attempt1 elastic_root_path_probe1 mongodb_buildinfo_command1

$ sikker related 18.97.26.40

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→MONG·More threats targetingMONGODB→FTP·More threats targetingFTP→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
44.220.188.92	28%	6
44.215.28.32	42%	4
44.220.188.126	42%	32
98.80.4.54	35%	7
54.173.122.192	37%	11

IP Address	Confidence	Events
206.168.34.206	30%	1,832
97.107.132.132	36%	11
185.238.231.121	57%	155
192.241.179.235	30%	26
208.3.195.65	100%	94,541