Check an IP Address, Domain Name, Subnet, or ASN

45.156.128.72 was found in our database!

$ whois 45.156.128.72

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.128.72scoring →

confidence

93%Very High

first_seen·Jan 29, 2026

last_seen·44m ago

first_reported·Mar 2, 2026

last_reported·Mar 12, 2026

sessions·303

events·339

reports·2

$ sikker protocols 45.156.128.72

HTTPS

98 / 106 / 2r

IMAP

75 / 81

FTP

50 / 50

SIP

35 / 35

TELNET

15 / 21

REDIS

9 / 20

MONGODB

7 / 9

RTSP

3 / 5

SSH

3 / 4

DOCKER

4 / 4

HTTP

2 / 2

SMB

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 45.156.128.72

45.156.128.72 has a threat confidence score of 93%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 303 honeypot sessions and reported 2 times targeting HTTPS, IMAP, FTP, SIP, TELNET and 8 other protocols. First observed on January 29, 2026, most recently active April 20, 2026.

$ sikker behaviors 45.156.128.72catalog →

mediumSip Request Uri Sip Nm1x

SIP request using sip:nm as the Request-URI, a malformed or placeholder target commonly observed in SIP scanning and fuzzing activity rather than legitimate client behavior.

lowRtsp Options Probe2x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Upgrade38x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request2x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

$ sikker primitives 45.156.128.72

ftp_auth_tls45 docker_get_method4 https_favicon_ico_request4 rtsp_options3 https_path_root3 http_method_get2 redis_command_ff2 mongodb_hello_command2 imap_logout1 imap_capability_probe1 sip_request_uri_sip_nm1 elastic_http_get_request1 elastic_http_favicon_path_probe1

$ sikker reports 45.156.128.72submit →

Showing 2 of 2 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 12, 2026, 15:33	Brute Force	HTTPS	SikkerGuard: 30 blocked packets
User	Mar 2, 2026, 16:10	Brute Force	HTTPS	SikkerGuard: 22 blocked packets

$ sikker related 45.156.128.72

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.156.128.71	100%	726
45.156.129.80	100%	945
45.156.129.82	80%	337
45.156.129.83	87%	399
45.156.129.72	77%	375

IP Address	Confidence	Events
185.226.196.12	100%	941
185.226.196.15	90%	343
185.226.196.14	95%	405
185.226.196.13	96%	420
185.226.197.12	100%	902