Severe Risk
IP address 91.196.152.20, registered to ONYPHE SAS and operating within French network AS213412, presents a critical threat level of 10 out of 10 based on 187 independent abuse reports spanning from August 2025 through June 2026. The confidence rating that this address is engaged in malicious activity targeting internet-facing systems is 84 percent.
Automated honeypot sensors across 20 distinct detection points recorded the majority of these incidents, with the IP demonstrating persistent hacking behavior over an eleven-month observation window. The activity frequency rating of 4 out of 10 suggests intermittent but deliberate engagement with potential targets rather than random scanning, indicating a structured approach to network reconnaissance and intrusion attempts. France-based infrastructure under AS213412 ownership has been repeatedly flagged for unauthorized connection attempts, establishing a documented pattern of abuse associated with this specific address.
The dominant threat category of hacking encompasses various intrusion methodologies including exploitation attempts against vulnerable services, credential-based attacks, and unauthorized access probes. This classification reflects concrete real-world risk: exposed services with weak authentication, unpatched software, or misconfigured access controls face direct compromise attempts from this address. The volume of reports and sustained activity period demonstrate that 91.196.152.20 is not a transient or opportunistic actor but rather infrastructure actively used to breach systems at scale.
Network defenders should immediately block 91.196.152.20 at the firewall level and implement fail2ban or equivalent log-based intrusion prevention rules to automatically ban sources of repeated connection attempts. All internet-facing services should enforce strong authentication mechanisms, apply security patches promptly, and employ rate-limiting on authentication endpoints to mitigate brute-force attacks. Continuous monitoring of access logs for this IP address will help identify any attempted exploitation of specific vulnerabilities. Organizations running exposed services should consider restricting access via IP allowlisting where feasible to eliminate unauthorized probing entirely.