Looking up IP
Check an IP Address, Domain Name, Subnet, or ASN
152.7.176.94 has a threat confidence score of 82%. This IP address from United States (AS11442, North Carolina State University) has been observed in 29 honeypot sessions targeting HTTP, HTTPS, ELASTICSEARCH protocols. First observed on March 28, 2026, most recently active March 28, 2026.
Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.
Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.
Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration