Check an IP Address, Domain Name, Subnet, or ASN

44.252.134.205 was found in our database!

$ whois 44.252.134.205

country·🇺🇸 United States

city·Boardman

isp·Amazon.com, Inc.

asn·AS16509

network·Standard

$ sikker risk 44.252.134.205scoring →

confidence

67%High

first_seen·Mar 14, 2026

last_seen·2h ago

sessions·35

events·35

$ sikker protocols 44.252.134.205

HTTPS

20 / 20

HTTP

14 / 14

ELASTICSEARCH

1 / 1

$ sikker summary 44.252.134.205

44.252.134.205 has a threat confidence score of 67%. This IP address from United States (AS16509, Amazon.com, Inc.) has been observed in 35 honeypot sessions targeting HTTPS, HTTP, ELASTICSEARCH protocols. First observed on March 14, 2026, most recently active March 26, 2026.

$ sikker behaviors 44.252.134.205catalog →

lowElastic Service Validation And Index Enumeration1x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttps Root Path Request9x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request7x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 44.252.134.205

https_path_root10 http_method_get7 elastic_http_get_request3 elastic_root_path_probe2 elastic_cat_indices_enumeration1

$ sikker related 44.252.134.205

🇺🇸·More threats fromUnited States→AS·More threats fromAmazon.com, Inc.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
54.219.179.162	23%	1
54.193.19.232	35%	3
54.245.208.67	26%	1
54.153.75.30	44%	4
18.246.229.47	30%	2

IP Address	Confidence	Events
185.218.138.18	97%	6,472
147.185.133.186	84%	263
147.185.132.222	98%	379
205.210.31.224	96%	319
208.3.195.65	100%	102,915