Check an IP Address, Domain Name, Subnet, or ASN

91.196.152.7 was found in our database!

$ whois 91.196.152.7

country·🇫🇷 France

city·Roubaix

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.196.152.7scoring →

confidence

83%Very High

first_seen·Jan 23, 2026

last_seen·1h ago

first_reported·Mar 11, 2026

last_reported·2d ago

sessions·37

events·50

reports·9

$ sikker protocols 91.196.152.7

IMAP

10 / 12

SSH

4 / 5 / 2r

SMTP

3 / 5 / 2r

HTTP

2 / 4 / 2r

HTTPS

2 / 4 / 1r

FTP

3 / 4

TR069

1 / 3

TELNET

2 / 3

ELASTICSEARCH

3 / 3

SIP

2 / 2

RTSP

2 / 2

DOCKER

1 / 1 / 1r

SMB

1 / 1

REDIS

1 / 1

MYSQL

0 / 0 / 1r

$ sikker summary 91.196.152.7

91.196.152.7 has a threat confidence score of 83%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 37 honeypot sessions and reported 9 times targeting IMAP, SSH, SMTP, HTTP, HTTPS and 10 other protocols. First observed on January 23, 2026, most recently active March 24, 2026.

$ sikker behaviors 91.196.152.7catalog →

lowRtsp Options Probe2x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoFtp Tls Negotiation And Disconnect1x

FTP session where the client issues AUTH TLS to upgrade the connection to TLS and then terminates the session with QUIT without performing further commands. This reflects minimal interaction limited to encryption negotiation and immediate disconnect, commonly observed in capability testing or automated probing.

$ sikker primitives 91.196.152.7

elastic_root_path_probe3 elastic_http_get_request3 ftp_auth_tls2 rtsp_options2 ftp_session_quit2 http_method_get1 https_path_root1 docker_get_method1 http_path_bad_request1 redis_command_http_connection_close1

$ sikker reports 91.196.152.7submit →

Showing 5 of 9 reports from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 22, 2026, 12:14	Brute Force	SSH	SikkerGuard: 2 blocked packets
User	Mar 20, 2026, 22:56	Brute Force	HTTP	SikkerGuard: 2 blocked packets
User	Mar 18, 2026, 15:02	Brute Force	SMTP	SikkerGuard: 2 blocked packets
User	Mar 16, 2026, 19:35	Brute Force	DOCKER	SikkerGuard: 2 blocked packets
User	Mar 16, 2026, 13:21	Brute Force	MYSQL	SikkerGuard: 2 blocked packets

1 / 2

$ sikker related 91.196.152.7

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.231.89.213	78%	71
91.231.89.85	77%	93
91.230.168.154	52%	27
195.184.76.225	49%	65
195.184.76.226	50%	64

IP Address	Confidence	Events
54.38.41.116	87%	32,057
51.91.168.102	99%	646,086
37.59.79.193	86%	344
51.83.143.139	90%	76,801
109.205.181.136	92%	186