Elastic Http Get Request

An HTTP GET request targeting an Elasticsearch-compatible endpoint. This primitive represents read-oriented probing or enumeration activity against exposed Elasticsearch services, including requests to cluster, node, index, or generic web paths. Attackers and automated scanners commonly use GET requests to fingerprint the service, retrieve cluster metadata, or verify unauthenticated access. The primitive captures both Elasticsearch API paths such as /_cluster/stats or /_nodes and generic HTTP discovery paths observed during reconnaissance workflows.

Observed IPs

6,633

Avg Confidence

62%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
45.95.147.229	98%	83,771	27,797	🇳🇱 NL	AS49870	2026-02-13
77.83.240.70	100%	30,021	13,580	🇺🇸 US	AS49870	2026-02-26
81.29.142.100	100%	20,831	11,697	🇷🇺 RU	AS210259	2026-03-02
18.218.118.203	100%	18,102	15,577	🇺🇸 US	AS16509	2026-03-03
16.58.56.214	99%	17,628	15,151	🇺🇸 US	AS16509	2026-03-03
3.129.187.38	99%	17,454	15,811	🇺🇸 US	AS16509	2026-03-03
18.116.101.220	99%	17,339	16,521	🇺🇸 US	AS16509	2026-03-03
207.180.231.68	94%	15,816	6,725	🇫🇷 FR	AS51167	2026-03-02
3.130.168.2	100%	14,359	12,309	🇺🇸 US	AS16509	2026-03-02
81.29.142.6	99%	13,985	8,279	🇷🇺 RU	AS210259	2026-03-02
45.91.64.6	100%	13,853	7,474	🇷🇺 RU	AS214664	2026-03-03
94.102.49.155	99%	9,304	5,347	🇳🇱 NL	AS202425	2026-03-03
3.131.220.121	99%	8,708	7,860	🇺🇸 US	AS16509	2026-03-02
95.215.0.144	97%	7,740	4,586	🇷🇺 RU	AS44050	2026-03-03
207.90.244.28	100%	6,627	3,753	🇺🇸 US	AS174	2026-03-03
207.90.244.14	100%	5,330	3,177	🇺🇸 US	AS174	2026-03-03
115.231.78.11	98%	4,942	2,763	🇨🇳 CN	AS58461	2026-03-03
176.65.149.17	100%	4,792	1,176	🇳🇱 NL	AS51396	2026-02-28
80.13.153.140	99%	4,091	2,270	🇫🇷 FR	AS3215	2026-03-03
3.132.26.232	99%	3,953	3,867	🇺🇸 US	AS16509	2026-03-02

Loading threats