194.127.167.90 — Owl Limited, EE — Medium (57%)

Check an IP Address, Domain Name, Subnet, or ASN

194.127.167.90 was found in our database!

Confidence Level

57%

Medium?

Geolocation

🇪🇪

EstoniaTallinn

ISPOwl Limited

ASNAS43357

Activity Timeline

First seenMar 3, 2026, 09:39 AM

Last seen1d ago

7Sessions

7Events

Protocol Breakdown

MONGODB

5 / 5

ELASTICSEARCH

2 / 2

194.127.167.90 has a moderate threat confidence level of 57%, originating from Tallinn, Estonia, on the Owl Limited network (43357). It has been observed across 7 sessions targeting MONGODB, ELASTICSEARCH, First observed on March 3, 2026, most recently active March 4, 2026.

Behaviors

Classified behavioral patterns observed

Elastic Index Enumeration Probe

low2x

Client performs a direct request to the Elasticsearch /_cat/indices endpoint and retrieves a successful response without preceding generic web discovery or multi-protocol probing. This behavior indicates targeted Elasticsearch reconnaissance focused on enumerating available indices, document counts, and storage size to assess data exposure. Unlike broad internet scanners, the interaction is Elasticsearch-aware from the start, suggesting tooling or operators specifically searching for open clusters rather than conducting general service fingerprinting.

Primitives

Individual actions observed

Elastic Http Get Request2 Elastic Cat Indices Enumeration2

Related Threats

Explore related threat intelligence

🇪🇪More threats fromEstonia ASMore threats fromOwl Limited MONGODBMore threats targetingMONGODB ELASTICSEARCHMore threats targetingELASTICSEARCH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
92.60.40.226	39%	4
194.127.167.70	52%	89
92.60.40.196	97%	33
194.127.167.82	43%	9
194.127.167.122	62%	33

IP Address	Confidence	Events
69.12.83.46	100%	258
69.12.83.27	100%	331
69.12.83.39	100%	279
109.206.241.199	100%	816
194.127.167.70	52%	89