Check an IP Address, Domain Name, Subnet, or ASN

80.76.42.17 was found in our database!

$ whois 80.76.42.17

country·🇷🇺 Russia

city·Moscow

isp·FOP Hornostay Mykhaylo Ivanovych

asn·AS212913

network·Standard

$ sikker risk 80.76.42.17scoring →

confidence

73%High

first_seen·Feb 21, 2026

last_seen·22d ago

sessions·33

events·33

$ sikker protocols 80.76.42.17

SIP

17 / 17

HTTP

8 / 8

HTTPS

8 / 8

$ sikker summary 80.76.42.17

80.76.42.17 has a threat confidence score of 73%. This IP address from Russia (AS212913, FOP Hornostay Mykhaylo Ivanovych) has been observed in 33 honeypot sessions targeting SIP, HTTP, HTTPS protocols. First observed on February 21, 2026, most recently active March 2, 2026.

$ sikker behaviors 80.76.42.17catalog →

mediumSip Automated Invite Probe1x

Represents an automated SIP INVITE request likely generated by a scanner or bot rather than a legitimate user agent. The behavior is inferred from a combination of a numeric-only SIP Call-ID format and a direct INVITE to a long numeric target without prior registration or dialog context. This pattern is commonly associated with SIP service probing, extension discovery, or early-stage toll-fraud reconnaissance. This behavior indicates reconnaissance activity against a SIP service but does not, by itself, confirm successful call setup or financial abuse.

infoHttp Root Path Request8x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request8x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 80.76.42.17

http_method_get8 https_path_root8 sip_invite_request1 sip_call_id_numeric_triplet1

$ sikker related 80.76.42.17

🇷🇺·More threats fromRussia→AS·More threats fromFOP Hornostay Mykhaylo Ivanovych→SIP·More threats targetingSIP→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.151.139.195	37%	6
130.49.181.91	62%	21
93.170.123.60	39%	32
93.170.123.145	37%	17
62.3.58.189	23%	1

IP Address	Confidence	Events
212.33.235.243	100%	1,153
85.26.233.64	17%	5
82.147.88.2	97%	12,959
195.206.62.230	61%	27
85.237.46.251	42%	307