Elastic Http Get Request

An HTTP GET request targeting an Elasticsearch-compatible endpoint. This primitive represents read-oriented probing or enumeration activity against exposed Elasticsearch services, including requests to cluster, node, index, or generic web paths. Attackers and automated scanners commonly use GET requests to fingerprint the service, retrieve cluster metadata, or verify unauthenticated access. The primitive captures both Elasticsearch API paths such as /_cluster/stats or /_nodes and generic HTTP discovery paths observed during reconnaissance workflows.

Observed IPs

14,502

Avg Confidence

65%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
194.50.16.198	100%	73,492	73,198	🇳🇱 NL	AS49870	2026-04-19
16.58.56.214	100%	55,180	52,613	🇺🇸 US	AS16509	2026-04-21
18.116.101.220	100%	51,371	50,418	🇺🇸 US	AS16509	2026-04-21
18.218.118.203	100%	48,507	45,871	🇺🇸 US	AS16509	2026-04-21
3.129.187.38	100%	47,494	45,696	🇺🇸 US	AS16509	2026-04-21
3.130.168.2	100%	43,475	41,332	🇺🇸 US	AS16509	2026-04-21
77.83.240.70	100%	34,994	18,553	🇺🇸 US	AS49870	2026-04-18
81.29.142.100	100%	34,956	25,784	🇷🇺 RU	AS210259	2026-04-21
185.177.72.38	99%	32,503	2,142	🇫🇷 FR	AS211590	2026-04-21
3.131.220.121	100%	28,920	28,012	🇺🇸 US	AS16509	2026-04-21
5.181.86.179	98%	28,886	28,851	🇺🇦 UA	AS211632	2026-04-21
5.181.86.60	98%	28,657	28,498	🇺🇦 UA	AS211632	2026-04-21
141.98.10.68	98%	28,587	28,403	🇱🇹 LT	AS209605	2026-03-11
185.177.72.30	97%	26,687	1,370	🇫🇷 FR	AS211590	2026-04-21
81.29.142.6	100%	24,138	18,344	🇷🇺 RU	AS210259	2026-04-21
185.177.72.52	98%	24,001	1,157	🇫🇷 FR	AS211590	2026-04-21
185.177.72.49	94%	21,260	1,512	🇫🇷 FR	AS211590	2026-04-19
3.132.26.232	100%	20,897	20,733	🇺🇸 US	AS16509	2026-04-21
185.156.73.157	98%	20,571	20,483	🇺🇦 UA	AS211736	2026-04-21
3.134.216.108	100%	18,097	17,372	🇺🇸 US	AS16509	2026-04-20

Loading threats