Check an IP Address, Domain Name, Subnet, or ASN

54.237.205.1 was found in our database!

$ whois 54.237.205.1

country·🇺🇸 United States

city·Ashburn

isp·Amazon.com, Inc.

asn·AS14618

network·Standard

$ sikker risk 54.237.205.1scoring →

confidence

72%High

first_seen·Mar 13, 2026

last_seen·1h ago

first_reported·Mar 19, 2026

last_reported·3d ago

sessions·13

events·13

reports·1

$ sikker protocols 54.237.205.1

HTTPS

6 / 6

FTP

2 / 2 / 1r

HTTP

2 / 2

RDP

1 / 1

SSH

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 54.237.205.1

54.237.205.1 has a threat confidence score of 72%. This IP address from United States (AS14618, Amazon.com, Inc.) has been observed in 13 honeypot sessions and reported 1 times targeting HTTPS, FTP, HTTP, RDP, SSH and 1 other protocols. First observed on March 13, 2026, most recently active March 22, 2026.

$ sikker behaviors 54.237.205.1catalog →

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoFtp Tls Upgrade2x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 54.237.205.1

https_path_root3 ftp_auth_tls2 http_method_get2 elastic_http_get_request1 elastic_http_bad_request_path_probe1

$ sikker reports 54.237.205.1submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 19, 2026, 18:34	Brute Force	FTP	SikkerGuard: 8 blocked packets

$ sikker related 54.237.205.1

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTPS→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→SSH·More threats targetingSSH→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
18.97.19.148	58%	111
18.97.5.73	31%	59
3.227.192.235	64%	1,474
3.86.245.199	53%	19
44.220.185.88	36%	28

IP Address	Confidence	Events
92.118.39.87	100%	252,345
172.174.236.9	83%	191
130.51.21.20	100%	246
185.238.231.181	85%	3,296
3.134.216.108	100%	9,036