Check an IP Address, Domain Name, Subnet, or ASN

45.9.149.210 was found in our database!

$ whois 45.9.149.210

country·🇳🇱 The Netherlands

city·Amsterdam

isp·Nice IT Services Group Inc.

asn·AS49447

network·Standard

$ sikker risk 45.9.149.210scoring →

confidence

75%High

first_seen·Feb 17, 2026

last_seen·19d ago

sessions·41

events·41

$ sikker protocols 45.9.149.210

HTTPS

14 / 14

MSSQL

11 / 11

HTTP

7 / 7

IMAP

2 / 2

SSH

1 / 1

RTSP

1 / 1

SMTP

1 / 1

DOCKER

1 / 1

MONGODB

1 / 1

POSTGRES

1 / 1

ELASTICSEARCH

1 / 1

$ sikker summary 45.9.149.210

45.9.149.210 has a threat confidence score of 75%. This IP address from The Netherlands (AS49447, Nice IT Services Group Inc.) has been observed in 41 honeypot sessions targeting HTTPS, MSSQL, HTTP, IMAP, SSH and 6 other protocols. First observed on February 17, 2026, most recently active March 5, 2026.

$ sikker behaviors 45.9.149.210catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request6x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request4x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 45.9.149.210

https_path_root6 http_method_get5 rtsp_options1 docker_get_method1 http_path_bad_request1 docker_bad_request_uri1 elastic_root_path_probe1 elastic_http_get_request1

$ sikker related 45.9.149.210

Report IP WHOIS Lookup →

IP Address	Confidence	Events
45.9.149.253	95%	683
45.9.148.50	25%	8
45.9.148.129	49%	115
45.9.149.137	60%	8
45.9.150.250	41%	12

IP Address	Confidence	Events
94.154.35.215	93%	36,087
130.12.180.51	100%	22,615
45.148.10.192	100%	20,636
45.148.10.240	100%	506,406
94.23.150.225	100%	225,103