Check an IP Address, Domain Name, Subnet, or ASN

80.94.95.83 was found in our database!

$ whois 80.94.95.83

country·🇷🇴 Romania

isp·SS-Net

asn·AS204428

network·Standard

$ sikker risk 80.94.95.83scoring →

confidence

100%Very High

first_seen·Jan 28, 2026

last_seen·6h ago

sessions·4,539

events·4,652

$ sikker protocols 80.94.95.83

RDP

4,202 / 4,205

HTTP

225 / 250

DOCKER

53 / 137

HTTPS

59 / 60

$ sikker summary 80.94.95.83

80.94.95.83 has a threat confidence score of 100%. This IP address from Romania (AS204428, SS-Net) has been observed in 4,539 honeypot sessions targeting RDP, HTTP, DOCKER, HTTPS protocols. First observed on January 28, 2026, most recently active April 21, 2026.

$ sikker behaviors 80.94.95.83catalog →

mediumRdp Nla Ntlm Authentication Attempt184x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

mediumRdp Legacy Plaintext Authentication Attempt90x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

infoDocker Invalid Protocol Probe48x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

infoHttp Bad Request Route Probe9x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 80.94.95.83

rdp_nla_ntlm_auth185 docker_get_method156 docker_bad_request_uri156 rdp_legacy_plaintext_authenthication92 http_method_get16 http_path_bad_request16

$ sikker related 80.94.95.83

🇷🇴·More threats fromRomania→AS·More threats fromSS-Net→RDP·More threats targetingRDP→HTTP·More threats targetingHTTP→DOCK·More threats targetingDOCKER→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
80.94.95.43	100%	2,048
80.94.95.169	72%	402
80.94.95.221	98%	17,173
80.94.95.166	36%	13
80.94.95.242	70%	22

IP Address	Confidence	Events
80.94.92.184	100%	64,978
2.57.122.177	100%	597,942
2.57.121.112	95%	50,763
193.46.255.86	87%	4,104
193.32.162.13	100%	138,197