Check an IP Address, Domain Name, Subnet, or ASN

45.156.128.112 was found in our database!

$ whois 45.156.128.112

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.128.112scoring →

confidence

69%High

first_seen·Feb 2, 2026

last_seen·1h ago

sessions·78

events·98

$ sikker protocols 45.156.128.112

HTTPS

49 / 67

HTTP

10 / 10

SSH

5 / 5

MONGODB

2 / 4

IMAP

3 / 3

RTSP

3 / 3

SIP

2 / 2

ELASTICSEARCH

2 / 2

REDIS

1 / 1

POSTGRES

1 / 1

$ sikker summary 45.156.128.112

45.156.128.112 has a threat confidence score of 69%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 78 honeypot sessions targeting HTTPS, HTTP, SSH, MONGODB, IMAP and 5 other protocols. First observed on February 2, 2026, most recently active March 20, 2026.

$ sikker behaviors 45.156.128.112catalog →

lowElastic Index Enumeration Probe1x

Client performs a direct request to the Elasticsearch /_cat/indices endpoint and retrieves a successful response without preceding generic web discovery or multi-protocol probing. This behavior indicates targeted Elasticsearch reconnaissance focused on enumerating available indices, document counts, and storage size to assess data exposure. Unlike broad internet scanners, the interaction is Elasticsearch-aware from the start, suggesting tooling or operators specifically searching for open clusters rather than conducting general service fingerprinting.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 45.156.128.112

https_path_root8 elastic_http_get_request3 http_method_get2 elastic_root_path_probe2 redis_info_lowercase1 elastic_cat_indices_enumeration1

$ sikker related 45.156.128.112

🇵🇹·More threats fromPortugal→AS·More threats fromSistemas Informaticos, S.A.→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→SSH·More threats targetingSSH→MONG·More threats targetingMONGODB→IMAP·More threats targetingIMAP→RTSP·More threats targetingRTSP→SIP·More threats targetingSIP→ELAS·More threats targetingELASTICSEARCH→REDI·More threats targetingREDIS→POST·More threats targetingPOSTGRES→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.156.129.70	97%	421
45.156.129.141	84%	1,743
45.156.128.202	60%	85
45.156.129.140	84%	1,807
45.156.129.87	73%	235

IP Address	Confidence	Events
109.105.209.7	100%	516
109.105.209.8	89%	185
45.156.131.12	84%	1,973
45.156.128.39	59%	104
45.156.131.22	62%	97