JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 18.97.19.238

18.97.19.238 was found in our database!

This IP was reported 227 times. Confidence of Abuse is 50%: ?

50%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	scanner-18-97-19-238.reposify.net
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 18.97.19.238

Whois 18.97.19.238

IP Abuse Reports for 18.97.19.238:

This IP address has been reported a total of 227 times from 71 distinct sources. 18.97.19.238 was first reported on July 12th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 donarev419	2026-06-12 03:11:53 (5 days ago)	Connection to port 10002 with data transfer. Data preview: GET / HTTP/1.1 Host: 107.175.212.44:1000 ... show more Connection to port 10002 with data transfer. Data preview: GET / HTTP/1.1 Host: 107.175.212.44:10002 User-Agent: Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebK show less	Port Scan Hacking
🇫🇷 Thaliruth	2026-06-11 12:36:02 (5 days ago)	Jun 11 14:36:01 151 postfix/smtpd[4051455]: disconnect from scanner-18-97-19-238.reposify.net[18.97. ... show more Jun 11 14:36:01 151 postfix/smtpd[4051455]: disconnect from scanner-18-97-19-238.reposify.net[18.97.19.238] ehlo=1 auth=0/1 commands=1/2 ... show less	Hacking Brute-Force
🇺🇸 anon333	2026-05-28 04:33:45 (2 weeks ago)	Hacker syslog review 1779942824	Hacking
🇩🇪 anycast_ac	2026-05-23 06:54:08 (3 weeks ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/5900 (vnc). Family fingerprint: ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/5900 (vnc). Family fingerprint: vnc-scanner Commands captured: $ client RFB version: RFB 003.008 $ server challenge: 2611b2079e2416b778f0364247467882 show less	DDoS Attack
Anonymous	2026-05-18 03:52:07 (4 weeks ago)	Reported from Nginx log analysis 6. Log: 18.97.19.238 - - [18/May/2026:xx:xx:xx 0200] "GET / HTTP/1 ... show more Reported from Nginx log analysis 6. Log: 18.97.19.238 - - [18/May/2026:xx:xx:xx 0200] "GET / HTTP/1.1" xxx xxx "-" "Mozilla/5.0 (Windows NT 6.2;en-US) AppleWebKit/537.32.36 (KHTML, live Gecko) Chrome/60.0.3111.97 Safari/537.32" "-" "US United States Ashburn" "AS14618" "Amazon.com, Inc." show less	Port Scan Brute-Force SSH
🇷🇴 gtheo99	2026-05-18 00:25:43 (4 weeks ago)	(CT) IP 18.97.19.238 (US/United States/scanner-18-97-19-238.reposify.net) found to have 281 connecti ... show more (CT) IP 18.97.19.238 (US/United States/scanner-18-97-19-238.reposify.net) found to have 281 connections show less	Port Scan
🇫🇷 edoram	2026-05-17 16:03:32 (4 weeks ago)	Firewall probe / distributed scan detected by honeypot. 574 connection attempts in 24h.	Port Scan Web App Attack
🇦🇺 trentwiles.com	2026-05-14 08:01:06 (1 month ago)	Unauthorized connection attempt detected from IP address 18.97.19.238 to port 32400 [SYD]	Port Scan
🇨🇿 SeMPaI	2026-05-14 01:52:28 (1 month ago)	[satellite_7587] Honeypot attempt US from 18.97.19.238 to port 2002, with banner b'SSH-2.0-paramiko_ ... show more [satellite_7587] Honeypot attempt US from 18.97.19.238 to port 2002, with banner b'SSH-2.0-paramiko_2.9.2' show less	Port Scan
🇬🇧 gbzret4d	2026-05-09 05:04:37 (1 month ago)	Honeypot [uk-production01]: HTTP/1.1 request on 1200 GET / User-Agent: elasticsearch-py/7.13.4 (Pyt ... show more Honeypot [uk-production01]: HTTP/1.1 request on 1200 GET / User-Agent: elasticsearch-py/7.13.4 (Python 3.10.12) Accept-Encoding: identity; 1200 [8] TCP show less	Hacking Bad Web Bot
🇺🇸 LockBlock	2026-05-08 17:55:49 (1 month ago)	2026-05-08 17:55:49: Port scan detected from 18.97.19.238 on port 22 of racknerd-e7e1a9	Port Scan SSH
🇨🇳 ThreatBook.io	2026-05-06 00:18:18 (1 month ago)	ThreatBook Intelligence: Edu,Zombie more details on https://threatbook.io/ip/18.97.19.238 2026-05-05 ... show more ThreatBook Intelligence: Edu,Zombie more details on https://threatbook.io/ip/18.97.19.238 2026-05-05 17:15:09 / show less	Web App Attack
🇩🇪 femboy.cat	2026-05-05 20:22:30 (1 month ago)	Port scan to tcp/8000 from 18.97.19.238	Brute-Force
🇩🇪 senkodev	2026-05-05 10:54:31 (1 month ago)	2026-05-05T12:54:31.245579+02:00 vm1386.de.snk.wtf sshd[4149921]: Invalid user from 18.97.19.238 po ... show more 2026-05-05T12:54:31.245579+02:00 vm1386.de.snk.wtf sshd[4149921]: Invalid user from 18.97.19.238 port 47670 2026-05-05T12:54:31.340056+02:00 vm1386.de.snk.wtf sshd[4149921]: Connection closed by invalid user 18.97.19.238 port 47670 [preauth] ... show less	Brute-Force SSH
🇺🇸 trentwiles.com	2026-05-05 04:55:09 (1 month ago)	Unauthorized connection attempt detected from IP address 18.97.19.238 to port 50000 [SFO]	Port Scan

Showing 1 to 15 of 227 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 92.113.142.203

🇺🇸 91.230.168.237

🇺🇸 66.132.172.250

🇲🇲 45.41.105.12

🇲🇽 201.108.5.249

🇲🇽 187.191.48.4

🇨🇳 162.14.80.253

🇮🇩 157.15.0.190

🇫🇮 147.185.133.191

🇨🇳 111.198.221.98

🇺🇸 107.150.103.12

🇹🇳 102.157.64.82

🇷🇺 94.231.212.185

🇫🇷 51.68.126.146

🇬🇧 35.203.210.246

🇮🇷 5.123.219.246

🇨🇦 4.206.92.183

🇮🇳 2409:40e2:20b6:a4c3:c74:6ec1:1f6e:dc4c

🇮🇩 203.89.29.4

🇲🇦 196.92.7.247