Check an IP Address, Domain Name, Subnet, or ASN

44.220.185.41 was found in our database!

$ whois 44.220.185.41

country·🇺🇸 United States

city·Ashburn

isp·Amazon.com, Inc.

asn·AS14618

network·Standard

$ sikker risk 44.220.185.41scoring →

confidence

61%High

first_seen·Jan 26, 2026

last_seen·1h ago

sessions·48

events·51

$ sikker protocols 44.220.185.41

HTTPS

39 / 39

SSH

3 / 3

HTTP

1 / 3

TELNET

1 / 2

SMB

1 / 1

RTSP

1 / 1

MONGODB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 44.220.185.41

44.220.185.41 has a threat confidence score of 61%. This IP address from United States (AS14618, Amazon.com, Inc.) has been observed in 48 honeypot sessions targeting HTTPS, SSH, HTTP, TELNET, SMB and 3 other protocols. First observed on January 26, 2026, most recently active April 15, 2026.

$ sikker behaviors 44.220.185.41catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoMongodb Buildinfo Fingerprinting1x

Client issues the MongoDB buildInfo command to retrieve detailed server version and build metadata, enabling software fingerprinting and environment profiling. This behavior reflects early-stage reconnaissance commonly performed by automated scanners, vulnerability assessment tooling, or exploitation frameworks to identify MongoDB deployment characteristics and determine suitability for subsequent enumeration or attack activity.

$ sikker primitives 44.220.185.41

elastic_http_get_request3 https_path_root2 rtsp_options1 http_method_get1 elastic_root_path_probe1 mongodb_buildinfo_command1

$ sikker related 44.220.185.41

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTPS→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→TELN·More threats targetingTELNET→SMB·More threats targetingSMB→RTSP·More threats targetingRTSP→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
44.220.188.26	52%	11
3.213.226.45	61%	1,953
18.97.19.156	32%	24
44.220.188.205	45%	29
44.220.188.15	56%	50

IP Address	Confidence	Events
185.218.138.21	97%	16,132
92.118.39.87	100%	267,618
181.215.65.29	82%	542
147.93.185.113	91%	27
50.217.40.11	50%	494