Check an IP Address, Domain Name, Subnet, or ASN

18.97.5.59 was found in our database!

$ whois 18.97.5.59

country·🇺🇸 United States

city·Ashburn

isp·Amazon.com, Inc.

asn·AS14618

network·Standard

$ sikker risk 18.97.5.59scoring →

confidence

54%Medium

first_seen·Jan 29, 2026

last_seen·2h ago

sessions·39

events·59

$ sikker protocols 18.97.5.59

HTTPS

22 / 22

REDIS

5 / 15

FTP

2 / 12

IMAP

8 / 8

SSH

1 / 1

MONGODB

1 / 1

$ sikker summary 18.97.5.59

18.97.5.59 has a threat confidence score of 54%. This IP address from United States (AS14618, Amazon.com, Inc.) has been observed in 39 honeypot sessions targeting HTTPS, REDIS, FTP, IMAP, SSH and 1 other protocols. First observed on January 29, 2026, most recently active April 6, 2026.

$ sikker behaviors 18.97.5.59catalog →

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoMongodb Buildinfo Fingerprinting1x

Client issues the MongoDB buildInfo command to retrieve detailed server version and build metadata, enabling software fingerprinting and environment profiling. This behavior reflects early-stage reconnaissance commonly performed by automated scanners, vulnerability assessment tooling, or exploitation frameworks to identify MongoDB deployment characteristics and determine suitability for subsequent enumeration or attack activity.

$ sikker primitives 18.97.5.59

ftp_user_probe2 ftp_help_request2 ftp_password_attempt2 https_path_root1 redis_info_uppercase1 imap_capability_probe1 mongodb_buildinfo_command1

$ sikker related 18.97.5.59

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTPS→REDI·More threats targetingREDIS→FTP·More threats targetingFTP→IMAP·More threats targetingIMAP→SSH·More threats targetingSSH→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
34.193.119.44	81%	1,034
3.227.192.235	65%	2,346
18.97.19.166	43%	22
44.215.219.236	80%	942
18.97.5.32	44%	40

IP Address	Confidence	Events
92.118.39.92	100%	111,476
63.135.169.175	49%	420
66.132.172.100	99%	347
147.185.132.93	98%	335
172.236.127.133	90%	827