Elastic Http Security Txt Path Probe

An HTTP GET request targeting /security.txt on an Elasticsearch-exposed port. This primitive represents generic web discovery where a scanner checks for the presence of a security contact file to aid fingerprinting and exposure mapping. The request is not part of normal Elasticsearch API usage and typically appears during broad reconnaissance alongside other non-Elasticsearch HTTP path probes.

Observed IPs

315

Avg Confidence

55%

Protocol

ELASTICSEARCH

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
66.132.153.114	100%	3,595	2,289	🇺🇸 US	AS398324	2026-03-20
66.132.153.122	100%	3,532	2,120	🇺🇸 US	AS398324	2026-03-21
66.132.153.117	100%	3,509	2,087	🇺🇸 US	AS398324	2026-03-20
66.132.153.127	100%	3,381	2,093	🇺🇸 US	AS398324	2026-03-20
167.94.138.191	50%	3,358	1,934	🇺🇸 US	AS398324	2026-03-20
66.132.153.115	100%	3,316	2,056	🇺🇸 US	AS398324	2026-03-20
66.132.153.124	100%	3,273	2,104	🇺🇸 US	AS398324	2026-03-20
162.142.125.117	50%	3,261	2,076	🇺🇸 US	AS398324	2026-03-21
162.142.125.114	50%	3,250	2,051	🇺🇸 US	AS398324	2026-03-20
162.142.125.121	50%	3,242	1,938	🇺🇸 US	AS398324	2026-03-20
167.94.146.55	50%	3,188	2,003	🇺🇸 US	AS398705	2026-03-20
162.142.125.125	50%	3,183	2,136	🇺🇸 US	AS398324	2026-03-21
66.132.153.119	100%	3,173	1,979	🇺🇸 US	AS398324	2026-03-21
167.94.146.56	50%	3,165	1,975	🇺🇸 US	AS398705	2026-03-21
162.142.125.122	50%	3,155	1,921	🇺🇸 US	AS398324	2026-03-21
162.142.125.120	50%	3,119	2,051	🇺🇸 US	AS398324	2026-03-20
66.132.153.116	100%	3,111	1,909	🇺🇸 US	AS398324	2026-03-21
66.132.153.120	100%	3,089	1,862	🇺🇸 US	AS398324	2026-03-20
66.132.153.126	100%	3,089	1,997	🇺🇸 US	AS398324	2026-03-20
162.142.125.126	50%	3,068	1,937	🇺🇸 US	AS398324	2026-03-21