Check an IP Address, Domain Name, Subnet, or ASN

91.196.152.106 was found in our database!

$ whois 91.196.152.106

country·🇫🇷 France

city·Roubaix

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.196.152.106scoring →

confidence

65%High

first_seen·Jan 20, 2026

last_seen·2h ago

sessions·61

events·82

$ sikker protocols 91.196.152.106

SSH

13 / 18

HTTP

7 / 13

IMAP

6 / 8

SMTP

6 / 8

HTTPS

5 / 7

SIP

2 / 5

TELNET

4 / 5

POSTGRES

5 / 5

RDP

2 / 2

SMB

2 / 2

RTSP

2 / 2

MSSQL

2 / 2

DOCKER

2 / 2

ELASTICSEARCH

2 / 2

REDIS

1 / 1

$ sikker summary 91.196.152.106

91.196.152.106 has a threat confidence score of 65%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 61 honeypot sessions targeting SSH, HTTP, IMAP, SMTP, HTTPS and 10 other protocols. First observed on January 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 91.196.152.106catalog →

infoSmtp Tls Capability Probe3x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttps Root Path Request2x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 91.196.152.106

smtp_ehlo_greeting6 smtp_starttls_upgrade_request3 http_method_get2 https_path_root2 docker_get_method2 elastic_http_get_request2 http_path_bad_request1 elastic_root_path_probe1 elastic_http_bad_request_path_probe1

$ sikker related 91.196.152.106

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.196.152.188	76%	87
91.196.152.187	76%	105
94.231.206.201	73%	157
94.231.206.202	73%	126
91.196.152.73	69%	72

IP Address	Confidence	Events
109.199.98.14	97%	267
51.91.168.102	99%	623,789
54.38.41.116	87%	23,266
185.147.212.247	75%	79
54.38.60.112	100%	17,705