Critical Alert
IP 91.196.152.3 is a critical-risk address associated with prolific hacking activity, accumulating 1,852 abuse reports across automated honeypot sensors with a maximum threat score of 10/10, indicating persistent and aggressive intrusion attempts.
Threat intelligence confirms this French IP (AS213412, ONYPHE SAS) was first reported in August 2025 and remains active as of May 2026, with all 20 most recent threat reports consistently categorizing the activity as hacking attempts. The volume of reports indicates sustained, high-frequency malicious engagement rather than opportunistic scanning. Community and sensor data both point to automated intrusion attempts originating from this address, suggesting coordinated scanning or exploitation activity.
The hacking classification encompasses various intrusion vectors including vulnerability exploitation and unauthorized access attempts. This threat pattern poses significant risk to any exposed service, as automated tools behind this IP could identify and compromise systems with known vulnerabilities or weak authentication configurations within minutes of exposure.
Network defenders should immediately block 91.196.152.3 at the firewall level and monitor authentication logs for related connection attempts. Deploy automated brute-force mitigation tools such as fail2ban to dynamically ban repeated offenders, enforce strong authentication policies, maintain rigorous patching schedules for all internet-facing services, and implement intrusion detection systems to identify and block similar threat patterns.
US 
PE 
CH 
GB 
HK 
PH