Elastic Cat Indices Enumeration

An HTTP GET request to the Elasticsearch /_cat/indices endpoint with output formatted as JSON. This primitive indicates enumeration of index metadata, including index names, document counts, storage size, and shard allocation details. Attackers and automated scanners commonly use this endpoint to assess data exposure, identify high-value indices, and estimate cluster scale before attempting data extraction or destructive actions. The inclusion of parameters such as format=json and bytes=b suggests scripted reconnaissance intended for machine parsing and precise size analysis.

Observed IPs

552

Avg Confidence

62%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
81.29.142.100	100%	21,300	12,165	🇷🇺 RU	AS210259	2026-03-05
81.29.142.6	100%	15,716	10,004	🇷🇺 RU	AS210259	2026-03-05
45.91.64.6	100%	14,307	7,927	🇷🇺 RU	AS214664	2026-03-05
94.102.49.155	99%	9,866	5,902	🇳🇱 NL	AS202425	2026-03-05
152.32.135.214	96%	2,856	255	🇭🇰 HK	AS135377	2026-03-05
35.216.201.9	100%	1,979	548	🇨🇭 CH	AS15169	2026-03-05
5.101.64.6	100%	1,819	1,542	🇷🇺 RU	AS34665	2026-03-05
165.154.36.243	90%	1,605	521	🇺🇸 US	AS135377	2026-03-02
152.32.249.95	92%	1,533	163	🇻🇳 VN	AS135377	2026-03-05
35.216.183.140	100%	1,524	250	🇨🇭 CH	AS15169	2026-02-27
35.216.140.3	91%	1,451	269	🇨🇭 CH	AS15169	2026-02-14
107.150.117.219	94%	1,226	413	🇩🇪 DE	AS135377	2026-03-04
165.154.179.204	93%	1,197	406	🇷🇺 RU	AS135377	2026-03-05
123.58.196.49	91%	1,176	405	🇹🇼 TW	AS135377	2026-03-04
169.197.113.175	90%	1,094	374	🇬🇧 GB	AS135377	2026-03-05
101.36.114.252	96%	1,092	462	🇰🇷 KR	AS135377	2026-03-04
118.194.249.72	96%	1,084	431	🇰🇷 KR	AS135377	2026-03-05
123.58.209.112	96%	1,080	394	🇭🇰 HK	AS135377	2026-03-03
104.218.164.117	89%	1,080	442	🇬🇧 GB	AS135377	2026-03-04
165.154.10.165	93%	1,077	393	🇳🇬 NG	AS135377	2026-03-05

Loading threats