Check an IP Address, Domain Name, Subnet, or ASN

45.156.128.56 was found in our database!

$ whois 45.156.128.56

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.128.56scoring →

confidence

100%Very High

first_seen·Jan 21, 2026

last_seen·4h ago

first_reported·Feb 25, 2026

last_reported·Feb 25, 2026

sessions·741

events·815

reports·1

$ sikker protocols 45.156.128.56

HTTPS

268 / 291 / 1r

IMAP

136 / 142

SIP

65 / 65

RDP

58 / 58

FTP

46 / 46

RTSP

20 / 45

SMB

39 / 39

TELNET

25 / 33

REDIS

32 / 32

POSTGRES

14 / 20

DOCKER

13 / 13

HTTP

9 / 12

MONGODB

6 / 8

SSH

5 / 6

ELASTICSEARCH

5 / 5

$ sikker summary 45.156.128.56

45.156.128.56 has a threat confidence score of 100%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 741 honeypot sessions and reported 1 times targeting HTTPS, IMAP, SIP, RDP, FTP and 10 other protocols. First observed on January 21, 2026, most recently active April 19, 2026.

$ sikker behaviors 45.156.128.56catalog →

mediumRdp Legacy Plaintext Authentication Attempt25x

Identifies RDP clients attempting authentication using the legacy RDP security mode where credentials are exchanged through the older RDP security layer instead of Network Level Authentication (NLA). This indicates the client negotiated legacy plaintext authentication during the RDP security handshake

mediumRtsp Stream Attempt Minus Teardown15x

Client performs a full RTSP interaction sequence — OPTIONS, DESCRIBE, SETUP, and PLAY — indicating an attempt to initialize and access a media stream. This pattern reflects active interaction with a streaming service rather than simple probing, and is commonly seen when automated tools or unauthorized clients try to view exposed camera or RTSP feeds.

mediumHttps Mcp Endpoint Scanner Gitmc13x

Automated MCP endpoint scanning over HTTPS using JSON-RPC initialize requests from gitmc-org-mcp-scanner, combined with probing of /mcp and /sse endpoints.

mediumJsonrpc Initialize Via Http Get Gitmc7x

Identifies JSON-RPC initialize requests from the gitmc-org-mcp-scanner client delivered via HTTP GET, indicating automated scanning activity using a non-standard transport method for JSON-RPC initialization.

mediumSip Request Uri Sip Nm1x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Options Probe3x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Upgrade27x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoRedis Info Command Invocation8x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 45.156.128.56

rtsp_setup64 rtsp_options38 rtsp_play32 rtsp_describe32 ftp_auth_tls29 rdp_legacy_plaintext_authenthication25 docker_get_method19 docker_post_method13 https_path_mcp_root_access13 https_path_sse_root_access13 https_jsonrpc_initialize_gitmc_mcp_scanner13 redis_info_uppercase11 http_method_get9 ftp_control_channel_binary_payload9 http_body_jsonrpc_gitmc_mcp_initialize7 elastic_http_get_request6 https_favicon_ico_request3 https_path_root2 imap_logout1 redis_command_ff1

$ sikker reports 45.156.128.56submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Feb 25, 2026, 17:35	Brute Force	HTTPS	SikkerGuard: 40 blocked packets

$ sikker related 45.156.128.56

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.156.128.5	59%	210
45.156.128.6	55%	126
45.156.128.8	53%	105
45.156.129.101	92%	412
45.156.128.78	94%	341

IP Address	Confidence	Events
45.156.129.72	77%	375
45.156.129.73	85%	353
45.156.129.70	100%	845
45.156.129.71	85%	319
45.156.129.91	90%	331