Check an IP Address, Domain Name, Subnet, or ASN

45.156.128.102 was found in our database!

$ whois 45.156.128.102

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.128.102scoring →

confidence

69%High

first_seen·Jan 31, 2026

last_seen·2h ago

sessions·97

events·139

$ sikker protocols 45.156.128.102

HTTPS

61 / 89

HTTP

19 / 33

SSH

5 / 5

MONGODB

3 / 3

REDIS

2 / 2

TELNET

2 / 2

POSTGRES

2 / 2

IMAP

1 / 1

RTSP

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 45.156.128.102

45.156.128.102 has a threat confidence score of 69%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 97 honeypot sessions targeting HTTPS, HTTP, SSH, MONGODB, REDIS and 5 other protocols. First observed on January 31, 2026, most recently active March 24, 2026.

$ sikker behaviors 45.156.128.102catalog →

lowElastic Service Validation And Index Enumeration1x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation2x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 45.156.128.102

elastic_http_get_request4 https_path_root3 redis_info_lowercase2 http_method_get1 mongodb_hello_command1 elastic_root_path_probe1 elastic_cat_indices_enumeration1

$ sikker related 45.156.128.102

🇵🇹·More threats fromPortugal→AS·More threats fromSistemas Informaticos, S.A.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→MONG·More threats targetingMONGODB→REDI·More threats targetingREDIS→TELN·More threats targetingTELNET→POST·More threats targetingPOSTGRES→IMAP·More threats targetingIMAP→RTSP·More threats targetingRTSP→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.156.128.134	84%	1,859
45.156.128.135	84%	1,873
45.156.128.86	100%	500
45.156.128.88	87%	204
45.156.128.203	78%	131

IP Address	Confidence	Events
109.105.210.95	63%	110
45.156.128.132	84%	1,935
45.156.128.134	84%	1,859
109.105.210.59	89%	252
109.105.210.60	77%	214