Check an IP Address, Domain Name, Subnet, or ASN

45.156.129.102 was found in our database!

$ whois 45.156.129.102

country·🇵🇹 Portugal

isp·Sistemas Informaticos, S.A.

asn·AS211680

network·Standard

$ sikker risk 45.156.129.102scoring →

confidence

89%Very High

first_seen·Jan 21, 2026

last_seen·2h ago

first_reported·Mar 10, 2026

last_reported·12d ago

sessions·187

events·231

reports·1

$ sikker protocols 45.156.129.102

HTTPS

71 / 84

IMAP

42 / 50

FTP

22 / 25 / 1r

SIP

14 / 17

REDIS

8 / 12

TELNET

8 / 10

WINRM

4 / 8

HTTP

5 / 5

DOCKER

3 / 5

MONGODB

3 / 5

RTSP

2 / 4

SMB

2 / 2

SSH

1 / 2

ELASTICSEARCH

2 / 2

$ sikker summary 45.156.129.102

45.156.129.102 has a threat confidence score of 89%. This IP address from Portugal (AS211680, Sistemas Informaticos, S.A.) has been observed in 187 honeypot sessions and reported 1 times targeting HTTPS, IMAP, FTP, SIP, REDIS and 9 other protocols. First observed on January 21, 2026, most recently active March 22, 2026.

$ sikker behaviors 45.156.129.102catalog →

lowRtsp Options Probe2x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Upgrade16x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoMongodb Serverstatus Discovery1x

Client issues MongoDB serverStatus requests and disconnects shortly after, indicating service inspection rather than active database interaction. This pattern is commonly associated with automated discovery activity where scanners collect runtime metrics or confirm database exposure without performing further queries.

$ sikker primitives 45.156.129.102

ftp_auth_tls20 https_path_root6 rtsp_options4 http_method_get4 mongodb_serverstatus3 docker_get_method2 elastic_http_get_request2 ftp_auth_ssl1 redis_command_ff1 elastic_root_path_probe1 elastic_http_favicon_path_probe1

$ sikker reports 45.156.129.102submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 10, 2026, 13:04	Brute Force	FTP	SikkerGuard: 20 blocked packets

$ sikker related 45.156.129.102

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.156.128.132	84%	1,861
45.156.129.83	80%	218
45.156.129.81	79%	207
45.156.129.80	99%	520
45.156.128.135	84%	1,817

IP Address	Confidence	Events
45.156.128.62	78%	133
45.156.128.61	99%	358
185.180.141.37	99%	447
45.156.129.141	84%	1,826
45.156.131.12	84%	2,048