Check an IP Address, Domain Name, Subnet, or ASN

80.87.206.168 was found in our database!

$ whois 80.87.206.168

country·🇷🇺 Russia

isp·OVH SAS

asn·AS16276

network·Standard

$ sikker risk 80.87.206.168scoring →

confidence

79%High

first_seen·Feb 20, 2026

last_seen·8d ago

sessions·30

events·30

$ sikker protocols 80.87.206.168

HTTPS

19 / 19

HTTP

2 / 2

DOCKER

2 / 2

ELASTICSEARCH

2 / 2

FTP

1 / 1

SSH

1 / 1

IMAP

1 / 1

RTSP

1 / 1

MONGODB

1 / 1

$ sikker summary 80.87.206.168

80.87.206.168 has a threat confidence score of 79%. This IP address from Russia (AS16276, OVH SAS) has been observed in 30 honeypot sessions targeting HTTPS, HTTP, DOCKER, ELASTICSEARCH, FTP and 4 other protocols. First observed on February 20, 2026, most recently active March 12, 2026.

$ sikker behaviors 80.87.206.168catalog →

mediumRtsp Stream Attempt Minus Teardown1x

Client performs a full RTSP interaction sequence — OPTIONS, DESCRIBE, SETUP, and PLAY — indicating an attempt to initialize and access a media stream. This pattern reflects active interaction with a streaming service rather than simple probing, and is commonly seen when automated tools or unauthorized clients try to view exposed camera or RTSP feeds.

lowElastic Service Validation And Index Enumeration2x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 80.87.206.168

https_path_root5 docker_get_method4 elastic_http_get_request4 rtsp_options2 rtsp_describe2 http_method_get2 elastic_root_path_probe2 docker_list_containers_endpoint2 elastic_cat_indices_enumeration2 rtsp_play1 rtsp_setup1 ftp_user_probe1 ftp_nlst_request1 ftp_session_quit1 ftp_set_ascii_mode1 ftp_password_attempt1 ftp_enter_passive_mode1

$ sikker related 80.87.206.168

🇷🇺·More threats fromRussia→AS·More threats fromOVH SAS→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→ELAS·More threats targetingELASTICSEARCH→FTP·More threats targetingFTP→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→RTSP·More threats targetingRTSP→MONG·More threats targetingMONGODB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
94.23.150.225	100%	219,504
37.59.79.193	86%	110
51.91.168.102	99%	622,952
54.38.60.112	100%	17,583
54.38.41.116	87%	22,929

IP Address	Confidence	Events
178.178.222.47	50%	377
80.66.83.43	100%	4,622
37.77.150.119	95%	13,865
81.29.142.100	100%	27,134
95.189.48.39	25%	62