Check an IP Address, Domain Name, Subnet, or ASN

91.134.5.177 was found in our database!

$ whois 91.134.5.177

country·🇫🇷 France

isp·OVH SAS

asn·AS16276

network·Standard

$ sikker risk 91.134.5.177scoring →

confidence

98%Very High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·116

events·322

$ sikker protocols 91.134.5.177

SMB

116 / 322

$ sikker summary 91.134.5.177

91.134.5.177 has a threat confidence score of 98%. This IP address from France (AS16276, OVH SAS) has been observed in 116 honeypot sessions targeting SMB protocols. Detected attack patterns include smb authenticated rpc service and account enumeration. First observed on January 20, 2026, most recently active March 23, 2026.

$ sikker behaviors 91.134.5.177catalog →

highSmb Authenticated Rpc Service And Account Enumeration64x

Identifies an SMB session where the IPC$ share is accessed and RPC bindings are established to the SAMR and SRVSVC interfaces via named pipes. The combination of IPC$ access, SAMR RPC binding (Security Account Manager Remote), and SRVSVC pipe interaction indicates authenticated enumeration of user accounts, groups, shares, or service information on a Windows host. This behavior reflects structured post-authentication reconnaissance against Windows systems rather than unauthenticated share scanning.

$ sikker primitives 91.134.5.177

smb_srvsvc_rpc_bind128 smb_samr_rpc_bind65 smb_ipc_share_access65 smb_srvsvc_pipe_open64

$ sikker related 91.134.5.177

🇫🇷·More threats fromFrance→AS·More threats fromOVH SAS→SMB·More threats targetingSMB→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
5.135.106.93	99%	76,720
15.204.128.147	96%	2,306
54.38.41.116	87%	29,873
51.83.143.139	90%	75,187
51.91.168.102	99%	639,539

IP Address	Confidence	Events
51.91.168.102	99%	639,543
51.83.143.139	90%	75,189
5.135.106.93	99%	76,727
54.38.41.116	87%	29,874
109.205.180.231	95%	171