Elastic Http Bad Request Path Probe

An HTTP GET request targeting the non-standard path /bad-request on an Elasticsearch-exposed port. This primitive represents automated protocol probing where a scanner sends intentionally invalid or placeholder paths to observe HTTP status codes and response structure. The request is not a legitimate Elasticsearch API call and is typically used during early-stage reconnaissance to confirm that the service speaks HTTP and to fingerprint error handling behavior before issuing Elasticsearch-specific queries.

Observed IPs

3,047

Avg Confidence

64%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
45.95.147.229	98%	83,771	27,797	🇳🇱 NL	AS49870	2026-02-13
77.83.240.70	100%	30,021	13,580	🇺🇸 US	AS49870	2026-02-26
81.29.142.100	100%	20,831	11,697	🇷🇺 RU	AS210259	2026-03-02
18.218.118.203	100%	18,020	15,495	🇺🇸 US	AS16509	2026-03-02
16.58.56.214	99%	17,322	14,845	🇺🇸 US	AS16509	2026-03-03
3.129.187.38	99%	17,321	15,678	🇺🇸 US	AS16509	2026-03-02
18.116.101.220	99%	16,808	15,990	🇺🇸 US	AS16509	2026-03-03
207.180.231.68	94%	15,816	6,725	🇫🇷 FR	AS51167	2026-03-02
3.130.168.2	100%	14,359	12,309	🇺🇸 US	AS16509	2026-03-02
81.29.142.6	99%	13,985	8,279	🇷🇺 RU	AS210259	2026-03-02
45.91.64.6	100%	13,848	7,469	🇷🇺 RU	AS214664	2026-03-03
3.131.220.121	99%	8,708	7,860	🇺🇸 US	AS16509	2026-03-02
95.215.0.144	97%	7,717	4,563	🇷🇺 RU	AS44050	2026-03-03
3.132.26.232	99%	3,953	3,867	🇺🇸 US	AS16509	2026-03-02
3.134.216.108	97%	3,676	2,961	🇺🇸 US	AS16509	2026-02-28
45.91.64.7	98%	3,456	2,367	🇷🇺 RU	AS214664	2026-03-03
66.132.153.114	100%	2,951	1,648	🇺🇸 US	AS398324	2026-03-03
66.132.153.117	100%	2,917	1,495	🇺🇸 US	AS398324	2026-03-03
66.132.153.122	100%	2,867	1,468	🇺🇸 US	AS398324	2026-03-02
167.94.138.191	30%	2,828	1,408	🇺🇸 US	AS398324	2026-03-03

Loading threats