Extreme Threat
IP address 91.196.152.106 is a high-risk threat actor with a maximum threat rating of 10/10, associated with active hacking infrastructure and confirmed exploited-host behavior. This French IP has accumulated 167 independent abuse reports from 20 distinct automated honeypot sensors, indicating sustained and widespread malicious activity detected over approximately ten months.
The address operates through ONYPHE SAS on ASN AS213412, with hostile activity first documented in September 2025 and persisting through June 2026. Recent report classification shows 19 hacking-related incidents alongside one exploited-host designation, suggesting this infrastructure may itself be compromised and weaponized without the operator's knowledge. The 84% confidence score, combined with consistent high-volume reporting and a moderate activity frequency of 5/10, paints a picture of a persistent threat actor engaged in continuous intrusion operations rather than opportunistic scanning.
The dominant hacking classification encompasses various intrusion attempts, exploitation of vulnerabilities, and unauthorized access operations. Observed attack patterns involving connection attempts and malware or exploit activity indicate this IP is actively probing for vulnerable services to compromise. When combined with the exploited-host designation, this suggests the address functions as either a dedicated attack platform or a botnet node being leveraged for hostile operations. The sustained detection window and consistent report volume demonstrate this is not transient scanning but persistent hostile infrastructure.
Site operators should immediately block this IP at the network perimeter or firewall level. Automated abuse-response tools such as fail2ban can block a source after repeated connection attempts. Exposed services should enforce strong authentication, apply prompt patching cycles, and restrict access to essential endpoints only. Organizations experiencing repeated contact from this address should consider reporting the malicious activity to ONYPHE SAS, which holds the network allocation.