Check an IP Address, Domain Name, Subnet, or ASN

45.156.128.171 was found in our database!

$ whois 45.156.128.171

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.128.171scoring →

confidence

86%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·12d ago

sessions·143

events·183

reports·1

$ sikker protocols 45.156.128.171

HTTP

66 / 84

HTTPS

64 / 84

TELNET

4 / 6

SSH

3 / 3 / 1r

IMAP

2 / 2

FTP

1 / 1

REDIS

1 / 1

MONGODB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 45.156.128.171

45.156.128.171 has a threat confidence score of 86%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 143 honeypot sessions and reported 1 times targeting HTTP, HTTPS, TELNET, SSH, IMAP and 4 other protocols. First observed on January 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 45.156.128.171catalog →

lowElastic Service Validation And Index Enumeration1x

Client first performs a generic request to the Elasticsearch root endpoint to verify service availability, then proceeds to request /_cat/indices. This sequence reflects staged Elasticsearch reconnaissance where the actor validates that the cluster is reachable before attempting index enumeration and data exposure assessment. Compared to direct index enumeration behaviors, the interaction begins with a service-validation step, suggesting adaptive probing rather than immediate Elasticsearch-specific targeting.

infoHttp Root Path Request45x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 45.156.128.171

http_method_get47 https_path_root4 elastic_http_get_request3 redis_info_lowercase1 mongodb_hello_command1 elastic_root_path_probe1 elastic_cat_indices_enumeration1

$ sikker reports 45.156.128.171submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 8, 2026, 11:42	Brute Force	SSH	SikkerGuard: 2 blocked packets

$ sikker related 45.156.128.171

🇵🇹·More threats fromPortugal→AS·More threats fromSistemas Informaticos, S.A.→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→TELN·More threats targetingTELNET→SSH·More threats targetingSSH→IMAP·More threats targetingIMAP→FTP·More threats targetingFTP→REDI·More threats targetingREDIS→MONG·More threats targetingMONGODB→ELAS·More threats targetingELASTICSEARCH→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
185.226.198.4	99%	407
185.226.198.6	88%	171
45.156.128.76	99%	481
45.156.128.78	85%	194
45.156.128.77	77%	220

IP Address	Confidence	Events
109.105.210.67	100%	417
185.226.198.4	99%	407
185.226.198.6	88%	171
109.105.210.94	65%	113
45.156.128.76	99%	481