Check an IP Address, Domain Name, Subnet, or ASN

91.196.152.87 was found in our database!

$ whois 91.196.152.87

country·🇫🇷 France

city·Roubaix

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.196.152.87scoring →

confidence

60%High

first_seen·Jan 22, 2026

last_seen·1h ago

sessions·51

events·76

$ sikker protocols 91.196.152.87

HTTP

9 / 13

SMTP

6 / 13

SIP

3 / 8

SSH

6 / 6

MSSQL

6 / 6

HTTPS

3 / 5

DOCKER

2 / 4

MONGODB

3 / 4

POSTGRES

3 / 4

SMB

2 / 3

FTP

1 / 2

RDP

2 / 2

TELNET

1 / 2

ELASTICSEARCH

2 / 2

IMAP

1 / 1

REDIS

1 / 1

$ sikker summary 91.196.152.87

91.196.152.87 has a threat confidence score of 60%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 51 honeypot sessions targeting HTTP, SMTP, SIP, SSH, MSSQL and 11 other protocols. First observed on January 22, 2026, most recently active March 21, 2026.

$ sikker behaviors 91.196.152.87catalog →

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe2x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 91.196.152.87

smtp_ehlo_greeting6 http_method_get4 elastic_http_get_request2 smtp_starttls_upgrade_request2 elastic_http_favicon_path_probe2 https_path_root1 docker_get_method1 http_path_bad_request1 redis_command_http_connection_close1 redis_command_http_host_header_port_63791

$ sikker related 91.196.152.87

Report IP WHOIS Lookup →

IP Address	Confidence	Events
94.231.206.13	76%	185
94.231.206.4	73%	158
91.230.168.230	74%	111
91.230.168.102	81%	106
91.196.152.118	77%	70

IP Address	Confidence	Events
54.38.41.116	87%	25,183
54.38.60.112	100%	18,231
51.83.143.139	90%	72,152
212.90.120.72	55%	24
91.231.89.118	64%	86