Check an IP Address, Domain Name, Subnet, or ASN

45.194.70.251 was found in our database!

$ whois 45.194.70.251

country·🇸🇨 Seychelles

isp·UCLOUD INFORMATION TECHNOLOGY HK LIMITED

asn·AS135377

network·Standard

$ sikker risk 45.194.70.251scoring →

confidence

73%High

first_seen·Jan 21, 2026

last_seen·1h ago

sessions·61

events·107

$ sikker protocols 45.194.70.251

HTTPS

24 / 40

HTTP

16 / 21

WINRM

4 / 12

SSH

6 / 9

RTSP

3 / 9

DOCKER

1 / 9

REDIS

5 / 5

SMTP

2 / 2

$ sikker summary 45.194.70.251

45.194.70.251 has a threat confidence score of 73%. This IP address from Seychelles (AS135377, UCLOUD INFORMATION TECHNOLOGY HK LIMITED) has been observed in 61 honeypot sessions targeting HTTPS, HTTP, WINRM, SSH, RTSP and 3 other protocols. First observed on January 21, 2026, most recently active April 2, 2026.

$ sikker behaviors 45.194.70.251catalog →

lowRtsp Stream Enumeration1x

Client requests RTSP OPTIONS followed by DESCRIBE to query supported methods and retrieve stream metadata, but does not proceed to session setup or playback. This pattern is commonly associated with automated scanning or reconnaissance activity checking for exposed cameras or media services.

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request3x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoRedis Info Command Invocation1x

Identifies execution of the Redis INFO command (case-insensitive), which retrieves server configuration, version, memory usage, and runtime statistics. This behavior reflects service interrogation and environment fingerprinting activity. While INFO can be used legitimately by administrators, it is also commonly observed during automated scanning and pre-exploitation reconnaissance of exposed Redis instances.

$ sikker primitives 45.194.70.251

http_method_get9 rtsp_options4 rtsp_describe4 https_path_root3 http_path_bad_request3 smtp_ehlo_greeting1 redis_info_lowercase1 smtp_quit_session_termination1

$ sikker related 45.194.70.251

🇸🇨·More threats fromSeychelles→AS·More threats fromUCLOUD INFORMATION TECHNOLOGY HK LIMITED→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→WINR·More threats targetingWINRM→SSH·More threats targetingSSH→RTSP·More threats targetingRTSP→DOCK·More threats targetingDOCKER→REDI·More threats targetingREDIS→SMTP·More threats targetingSMTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
165.154.6.187	98%	60
152.32.132.215	100%	277
165.154.182.182	67%	220
165.154.120.77	94%	214
123.58.213.128	100%	343

IP Address	Confidence	Events
5.61.209.107	94%	2,201
156.253.5.146	100%	310
212.11.64.154	100%	792
154.198.215.50	98%	54
154.221.17.134	86%	9