Check an IP Address, Domain Name, Subnet, or ASN

3.6.34.235 was found in our database!

$ whois 3.6.34.235

country·🇮🇳 India

city·Mumbai

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 3.6.34.235scoring →

confidence

55%Medium

first_seen·Mar 9, 2026

last_seen·1h ago

sessions·13

events·13

$ sikker protocols 3.6.34.235

HTTP

6 / 6

HTTPS

6 / 6

ELASTICSEARCH

1 / 1

$ sikker summary 3.6.34.235

3.6.34.235 has a threat confidence score of 55%. This IP address from India (AS16509, Amazon.com, Inc.) has been observed in 13 honeypot sessions targeting HTTP, HTTPS, ELASTICSEARCH protocols. First observed on March 9, 2026, most recently active March 26, 2026.

$ sikker behaviors 3.6.34.235catalog →

lowElastic Service Validation And Index Enumeration1x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 3.6.34.235

http_method_get3 https_path_root3 elastic_http_get_request3 elastic_root_path_probe2 elastic_cat_indices_enumeration1

$ sikker related 3.6.34.235

🇮🇳·More threats fromIndia→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
18.218.118.203	100%	34,020
44.233.21.113	59%	597
16.170.168.1	44%	6
47.130.108.237	55%	801
3.129.187.38	100%	33,375

IP Address	Confidence	Events
117.247.253.81	69%	4
103.90.211.130	27%	101
45.124.145.122	96%	399
117.216.33.31	51%	427
203.223.191.215	22%	62