Check an IP Address, Domain Name, Subnet, or ASN

80.66.83.43 was found in our database!

$ whois 80.66.83.43

country·🇷🇺 Russia

isp·Bashinskii Vadim Ruslanovich

asn·AS216473

network·Standard

$ sikker risk 80.66.83.43scoring →

confidence

100%Very High

first_seen·Feb 2, 2026

last_seen·9h ago

sessions·7,162

events·7,605

$ sikker protocols 80.66.83.43

RDP

2,761 / 2,771

HTTP

1,962 / 2,152

HTTPS

1,644 / 1,791

SMTP

283 / 347

SSH

236 / 236

MSSQL

236 / 236

DOCKER

40 / 72

$ sikker summary 80.66.83.43

80.66.83.43 has a threat confidence score of 100%. This IP address from Russia (AS216473, Bashinskii Vadim Ruslanovich) has been observed in 7,162 honeypot sessions targeting RDP, HTTP, HTTPS, SMTP, SSH and 2 other protocols. First observed on February 2, 2026, most recently active April 17, 2026.

$ sikker behaviors 80.66.83.43catalog →

mediumRdp Legacy Plaintext Authentication Attempt553x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

mediumRdp Nla Ntlm Authentication Attempt179x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Bad Request Route Probe55x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoDocker Invalid Protocol Probe39x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 80.66.83.43

rdp_legacy_plaintext_authenthication561 rdp_nla_ntlm_auth180 http_method_get140 http_path_bad_request140 docker_get_method70 docker_bad_request_uri70

$ sikker related 80.66.83.43

🇷🇺·More threats fromRussia→AS·More threats fromBashinskii Vadim Ruslanovich→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→SMTP·More threats targetingSMTP→SSH·More threats targetingSSH→MSSQ·More threats targetingMSSQL→DOCK·More threats targetingDOCKER→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
80.66.83.80	99%	1,424
80.66.83.63	67%	29
80.66.83.75	96%	1,930
80.66.83.74	97%	1,089
80.66.83.32	53%	89

IP Address	Confidence	Events
212.41.8.239	84%	4,566
195.239.0.178	29%	143
95.140.19.34	33%	191
95.188.84.169	12%	15
217.24.185.98	49%	487