Elastic Http Bad Request Path Probe

An HTTP GET request targeting the non-standard path /bad-request on an Elasticsearch-exposed port. This primitive represents automated protocol probing where a scanner sends intentionally invalid or placeholder paths to observe HTTP status codes and response structure. The request is not a legitimate Elasticsearch API call and is typically used during early-stage reconnaissance to confirm that the service speaks HTTP and to fingerprint error handling behavior before issuing Elasticsearch-specific queries.

Observed IPs

5,503

Avg Confidence

76%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
194.50.16.198	100%	73,492	73,198	🇳🇱 NL	AS49870	2026-04-19
16.58.56.214	100%	56,398	53,817	🇺🇸 US	AS16509	2026-04-23
18.116.101.220	100%	52,997	52,044	🇺🇸 US	AS16509	2026-04-23
18.218.118.203	100%	49,649	47,013	🇺🇸 US	AS16509	2026-04-23
3.129.187.38	100%	48,557	46,759	🇺🇸 US	AS16509	2026-04-23
3.130.168.2	100%	44,958	42,815	🇺🇸 US	AS16509	2026-04-23
81.29.142.100	100%	35,865	26,690	🇷🇺 RU	AS210259	2026-04-23
77.83.240.70	100%	35,001	18,560	🇺🇸 US	AS49870	2026-04-23
3.131.220.121	100%	29,755	28,847	🇺🇸 US	AS16509	2026-04-23
5.181.86.179	98%	29,565	29,530	🇺🇦 UA	AS211632	2026-04-22
5.181.86.60	98%	29,327	29,168	🇺🇦 UA	AS211632	2026-04-22
141.98.10.68	98%	28,587	28,403	🇱🇹 LT	AS209605	2026-03-11
81.29.142.6	100%	24,147	18,353	🇷🇺 RU	AS210259	2026-04-23
3.132.26.232	100%	22,086	21,922	🇺🇸 US	AS16509	2026-04-23
185.156.73.157	98%	21,901	21,803	🇺🇦 UA	AS211736	2026-04-23
3.134.216.108	100%	19,078	18,353	🇺🇸 US	AS16509	2026-04-23
80.94.95.221	98%	18,341	17,107	🇷🇴 RO	AS204428	2026-04-22
45.91.64.6	100%	16,601	10,220	🇷🇺 RU	AS214664	2026-04-23
207.180.231.68	95%	15,894	6,798	🇫🇷 FR	AS51167	2026-03-03
95.215.0.144	100%	14,092	10,938	🇷🇺 RU	AS44050	2026-04-23

Loading threats