Open Elasticsearch Report

This report identifies hosts that have Elasticsearch running and accessible on the Internet.

On its own, Elasticsearch does not support authentication or restrict access to the datastore, so it is possible that any entity that can access the Elasticsearch instance may have complete control to do what they will with it. The probe that we are using is a “GET / HTTP/1.1” sent to port 9200/tcp.

See https://www.elastic.co/products/elasticsearch for more information on Elasticsearch.

For more details behind the scan methodology and a daily update of global Elasticsearch scan statistics please visit our dedicated Elasticsearch scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the Elasticsearch response came on (always TCP)
  • port
    Port that the Elasticsearch response came from (9200/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be elasticsearch
  • version
    Elasticsearch version number
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • ok
    Indicator that everything is functioning properly (only present in ES instances pre-v1.0)
  • name
    The identifying (trivial) name of the Elasticsearch instance
  • cluster_name
    The name of the Elasticsearch cluster that the instance belongs to (if any)
  • status
    Usually "200" meaning that everything is working
  • build_hash
    Hash of the running version of Elasticsearch
  • build_timestamp
    Timestamp of when the running version of Elasticsearch was built
  • build_snapshot
    Whether snapshots are enabled
  • lucene_version
    Version of Apache Lucene that Elasticsearch is using

Sample

"timestamp","ip","protocol","port","hostname","tag","version","asn","geo","region","city","naics","sic","ok","name","cluster_name","status","build_hash","build_timestamp","build_snapshot","lucene_version","tagline"
"2015-05-27 19:57:23","101.227.67.200","tcp",9200,,"elasticsearch","0.90.2",4812,"CN","SHANGHAI","SHANGHAI",0,0,"true","F1",,200,,,,"4.3.1","You Know, for Search"
"2015-05-27 19:57:23","122.13.16.182","tcp",9200,,"elasticsearch","1.4.4",17816,"CN","GUANGDONG","GUANGZHOU",0,0,,"Abominatrix","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","94.70.203.209","tcp",9200,"host1.inlinkz.ondsl.gr","elasticsearch","1.4.4",6799,"GR","ATTIKI","ATHENS",0,0,,"Captain Barracuda","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","94.23.199.67","tcp",9200,"ns302583.ip-94-23-199.eu","elasticsearch","1.4.4",16276,"FR","NORD-PAS-DE-CALAIS","ROUBAIX",0,0,,"Controller","elasticsearch",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:23","91.98.96.118","tcp",9200,"raymand.biz","elasticsearch","1.2.2",16322,"IR","TEHRAN","TEHRAN",0,0,,"Taskmaster",,200,"9902f08efc3ad14ce27882b991c4c56b920c9872","2014-07-09T12:02:32Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:23","144.76.137.134","tcp",9200,"static.134.137.76.144.clients.your-server.de","elasticsearch","1.0.3",24940,"DE","BAYERN","GUNZENHAUSEN",0,0,,"Boom Boom",,200,"61bfb72d845a59a58cd9910e47515665f6478a5c","2014-04-16T14:43:11Z","false","4.6","You Know, for Search"
"2015-05-27 19:57:23","203.88.167.157","tcp",9200,,"elasticsearch","1.5.0",10098,"HK","HONG KONG","QUARRY BAY",0,0,,"aliyun-hk-data08","bigdata_es",200,"544816042d40151d3ce4ba4f95399d7860dc2e92","2015-03-23T14:30:58Z","false","4.10.4","You Know, for Search"
"2015-05-27 19:57:23","31.210.46.170","tcp",9200,"trvds4.aysima.net","elasticsearch","0.90.0.Bet",42910,"TR","ISTANBUL","ISTANBUL",0,0,"true","Silver Fox",,200,,,,,"You Know, for Search"
"2015-05-27 19:57:23","210.172.143.105","tcp",9200,"ceru-misc-210-172-143-105.interq.or.jp","elasticsearch","1.2.3",7506,"JP","TOKYO","CHIYODA",0,0,,"spr1pro01-02",,200,"4596e81285d3c1a1609c8382b1e804115ef610fb","2014-07-23T13:16:05Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:23","216.118.88.157","tcp",9200,,"elasticsearch","1.2.4",8001,"US","NEW JERSEY","CEDAR KNOLLS",0,0,,"Radian",,200,"11689ab5f166203d21f1a3c566fe8e96b1d4cd75","2014-08-13T14:09:19Z","false","4.8","You Know, for Search"
"2015-05-27 19:57:24","173.236.91.109","tcp",9200,"node02.tmddedicated920.com","elasticsearch","1.3.1",32475,"US","ILLINOIS","CHICAGO",0,0,,"SugarOJM",,200,"2de6dc5268c32fb49b205233c138d93aaf772015","2014-07-28T14:45:15Z","false","4.9","You Know, for Search"
"2015-05-27 19:57:24","52.7.129.120","tcp",9200,"ec2-52-7-129-120.compute-1.amazonaws.com","elasticsearch","1.5.2",14618,"US","VIRGINIA","ASHBURN",454113,596101,,"Alysande Stuart","elasticsearch",200,"62ff9868b4c8a0c45860bebb259e21980778ab1c","2015-04-27T09:21:06Z","false","4.10.4","You Know, for Search"
"2015-05-27 19:57:24","166.111.134.51","tcp",9200,,"elasticsearch","1.4.4",4538,"CN","BEIJING","BEIJING",0,0,,"thu-pc51","thu",200,"c88f77ffc81301dfa9dfd81ca2232f09588bd512","2015-02-19T13:05:36Z","false","4.10.3","You Know, for Search"
"2015-05-27 19:57:24","85.214.96.159","tcp",9200,,"elasticsearch","1.5.2",6724,"DE","BERLIN","BERLIN",0,0,,"Slug","elasticsearch",200,"62ff9868b4c8a0c45860bebb259e21980778ab1c","2015-04-27T09:21:06Z","false","4.10.4","You Know, for Search"

Our 118 Report Types