Check an IP Address, Domain Name, Subnet, or ASN

91.196.152.23 was found in our database!

$ whois 91.196.152.23

country·🇫🇷 France

city·Roubaix

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.196.152.23scoring →

confidence

80%Very High

first_seen·Jan 20, 2026

last_seen·20m ago

first_reported·Mar 12, 2026

last_reported·2d ago

sessions·56

events·75

reports·5

$ sikker protocols 91.196.152.23

SSH

12 / 17

FTP

7 / 13 / 1r

SMTP

6 / 10

ELASTICSEARCH

8 / 8

HTTPS

3 / 6

HTTP

4 / 5 / 1r

SMB

4 / 4 / 1r

IMAP

4 / 4

SIP

3 / 3

POSTGRES

2 / 2

RTSP

1 / 1 / 1r

REDIS

1 / 1

TELNET

1 / 1

$ sikker summary 91.196.152.23

91.196.152.23 has a threat confidence score of 80%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 56 honeypot sessions and reported 5 times targeting SSH, FTP, SMTP, ELASTICSEARCH, HTTPS and 8 other protocols. First observed on January 20, 2026, most recently active March 20, 2026.

$ sikker behaviors 91.196.152.23catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoFtp Tls Negotiation And Disconnect4x

FTP session where the client issues AUTH TLS to upgrade the connection to TLS and then terminates the session with QUIT without performing further commands. This reflects minimal interaction limited to encryption negotiation and immediate disconnect, commonly observed in capability testing or automated probing.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 91.196.152.23

elastic_http_get_request8 elastic_root_path_probe6 smtp_ehlo_greeting5 ftp_auth_tls4 ftp_session_quit4 http_method_get2 empty_ftp_command2 elastic_http_bad_request_path_probe2 rtsp_options1 http_path_bad_request1

$ sikker reports 91.196.152.23submit →

Showing 5 of 5 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 18, 2026, 21:41	Brute Force	—	SikkerGuard: 2 blocked packets
User	Mar 18, 2026, 02:54	Brute Force	RTSP	SikkerGuard: 2 blocked packets
User	Mar 17, 2026, 01:54	Brute Force	FTP	SikkerGuard: 2 blocked packets
User	Mar 15, 2026, 15:28	Brute Force	SMB	SikkerGuard: 2 blocked packets
User	Mar 12, 2026, 06:21	Brute Force	HTTP	SikkerGuard: 2 blocked packets

$ sikker related 91.196.152.23

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.196.152.188	76%	87
91.196.152.187	76%	105
94.231.206.201	73%	157
94.231.206.202	73%	126
91.196.152.73	69%	72

IP Address	Confidence	Events
109.199.98.14	97%	267
51.91.168.102	99%	623,789
54.38.41.116	87%	23,266
185.147.212.247	75%	79
54.38.60.112	100%	17,705