Check an IP Address, Domain Name, Subnet, or ASN

3.9.64.113 was found in our database!

$ whois 3.9.64.113

country·🇬🇧 United Kingdom

city·City of London

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 3.9.64.113scoring →

confidence

69%High

first_seen·Feb 22, 2026

last_seen·1h ago

sessions·34

events·34

$ sikker protocols 3.9.64.113

HTTP

15 / 15

HTTPS

15 / 15

ELASTICSEARCH

4 / 4

$ sikker summary 3.9.64.113

3.9.64.113 has a threat confidence score of 69%. This IP address from United Kingdom (AS16509, Amazon.com, Inc.) has been observed in 34 honeypot sessions targeting HTTP, HTTPS, ELASTICSEARCH protocols. First observed on February 22, 2026, most recently active April 20, 2026.

$ sikker behaviors 3.9.64.113catalog →

lowElastic Service Validation And Index Enumeration4x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttps Root Path Request7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get3x

HTTP request using GET method.

$ sikker primitives 3.9.64.113

elastic_http_get_request12 elastic_root_path_probe8 https_path_root7 http_method_get6 elastic_cat_indices_enumeration4

$ sikker related 3.9.64.113

🇬🇧·More threats fromUnited Kingdom→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
64.252.88.8	92%	96
13.231.239.44	97%	6,006
54.151.176.0	85%	13,074
52.57.149.40	69%	79
52.193.244.90	97%	4,405

IP Address	Confidence	Events
87.236.176.197	95%	655
64.89.163.165	100%	18,187
64.89.163.83	94%	2,573
51.89.235.201	88%	78,952
94.72.102.118	95%	4,160