IOC Radar
IP · Medium · Signal 62/100

91.196.152.228

Location: Roubaix, Hauts-de-France, France
ASN: AS213412 (ONYPHE)
First Seen: Mar 24, 2025 (446d ago)
Last Seen: Jun 6, 2026 (8d ago)
Reports: 29 source reports
Confidence: 62% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 76 techniques

Network Information

Country: FR (France)
Region: Roubaix, Hauts-de-France
ASN: AS213412
Organization: ONYPHE

Feed Intelligence Summary

Source reports: 29
Confidence score: 62%

Category tags:
abuse, active scan, active scanning, adb, adbhoney activity, adbhoney honeypot, adbhoney interactions, android devices, api services, apt, attack, attack source, attacker-ip, australia, authentication abuse, authentication attempts, authentication_bypass, automated attack, automated attack activity, automated attacks, automated threat, automated threat activity, automated-attack, bad reputation, bad web bot, bening, bening scanner, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, c2, c2 server, cisco device, cisco device attack, cisco device targeting, cisco exploit attempt, cisco exploit attempts, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cloud infrastructure, code execution, code-injection, command & control, command and control, command execution, command injection, communication protocol, compromise attempt, compromised device, compromised host, compromised hosts, compromised system, conpot activity, conpot attack, conpot attacks, conpot exploitation, conpot honeypot, conpot interactions, content delivery, cowrie, cowrie activity, cowrie attack, cowrie attacks, cowrie capture, cowrie honeypot, cowrie interactions, cowrie ssh activity, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, credential-stuffing, data encryption, data exfiltration, data store exposure, data theft, database activity, database attack, database attacks, database brute force, database exploitation, database intrusion attempt, database probing, database security, database servers, ddos, ddos attack, ddos probe, ddos probing, decoy system, denial of service, device management, dictionary attack, digital ocean, digitalocean platform, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea capture, dionaea honeypot, dionaea interactions, dionaea malware collection, dionaea malware samples, discovery phase, distributed attacks, dnp3, dns, dns attack, elasticpot data, elasticpot honeypot, elasticsearch monitoring,
encryption, enterprise networking, ethernet/ip, europe, europe/asia, exploit, exploit attempt, exploit attempts, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploitation of vulnerability, exploited host, external access attempts, external threat, failed login attempts, fatt, fatt signatures, file, finland, fr, france, ftp, ftp activity, ftp attack, ftp brute force, germany, hacking, heralding activity, honeynet connect, honeytrap activity, honeytrap data, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, http attack, http brute force, http probing, http scanner, http scanning, http/s, https, ics security, ics/scada, ics/scada attacks, ics/scada systems, identity & access exploitation, indicator, industrial control systems, initial access, initial access attempts, initial-access, injection activity, injection attacks, internet-facing, internet-facing service, internet-wide scan, intrusion detection, ioc, iocs, iot device targeting, iot devices, iot exploit attempts, iot security, iot targeted, iot/ics attack, ipphoney honeypot, ipv4, ipv4_address, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp attack, lamp attacks, lamp exploit, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeted, lamp stack attack, lamp stack exploitation, lamp stack targeting, lateral movement, lateral movement techniques, linux, linux servers, linux system, linux systems, linux-server-attack, linux_server_attacks, login attempt, low-risk, mailoney activity, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious code detection, malicious file transfer, malicious payload, malicious payload attempts, malicious payload detection, malicious software, malicious-ip, malicious-login-attempts, malware, malware behaviour, malware capture, malware delivery attempt, malware distribution, malware download attempt, malware download attempts, malware propagation, malware_activity, mobile threat, modbus, mssql, mysql brute force, network, network attacks, network device, network devices, network enumeration,
network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probing, network protocol, network reconnaissance, network scanning, network scanning activity, network security, network service scanning, network services, network traffic, network traffic analysis, network-service, network_service_exploitation, north america, oceania, onyphe-benign, opencti, opportunistic attacks, osint, p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, perimeter security, phishing, phishing attack, phishing trapping of death, poland, port-scanning, portscan, possible botnet activity, possible exploit attempt, possible malware, possible malware distribution, possible mirai variant, potential botnet activity, potential exploit activity, potential exploit attempts, potential intrusion, potential malware activity, potential malware distribution, privilege escalation, process injection, protocol exploitation, protocol-abuse, ransomware, reconnaissance, redis honeypot, remote access, remote access attempts, remote access service, remote service, remote service exploitation, remote services, remote_access, researched, resource hijacking, russia, russian federation, sans, scada/ics attacks, scanner, scanners, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer activity, sentrypeer attack, sentrypeer botnet, sentrypeer detection, sentrypeer interactions, server exploitation, server security, service enumeration, service scan, service scanning, sftp access attempt, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp probing, sftp-attack, sip attacks, sip brute force, sip probing, sip scan, sip scanning, sip vulnerability scan, smtp, smtp brute force, smtp probing, social engineering, socradar honeypot, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, sql-injection, ssh, ssh attack, ssh attacks, ssh monitoring, ssh-brute-force, suricata alert, suricata alerts, t-pot derived intelligence,
t1005, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204.002, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505.002, t1555, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1583, t1583.001, t1588, t1588.004, t1589, t1589.002, t1590, t1590.004, t1590.006, t1592, t1592.002, t1593, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner interactions, targeting database, tcp port scanning, tcp protocol, tcp scan, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat-intel-feed, tor node, tpot, udp port scan, udp port scanning, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, unauthorized-access-attempt, united states, unknown threat actor, us ip address, valid accounts, verified-benign, vnc protocol, voidtrap, voip, voip attack, voip system, voip systems, vulnerability scan, vultr, web apis, web app attack, web application attack, web application attacks, web application scanning, web applications, web attack, web attacks, web development, web exploitation, web hosting, web infrastructure, web server, web servers, web services, web shell detection, web spam, web technologies, web traffic, web-application-attack, web-attack, web_attack, windows system

Activity Timeline

1 total observation (Jun 6 to Jun 6)

Threat Activity Heatmap

12-month grid, Jun to Jun (Mon/Wed/Fri rows) · Peak: 2026-06-06

Window   Observations   Status
24h      0              Dormant
7d       0              Dormant
30d      1              Minimal
3mo      1              Minimal
Threat Score: Medium Risk
Signal: 62 / 100
Confidence: 62%
Reports: 29
First seen: Mar 24, 2025
Last seen: Jun 6, 2026
Geolocation: FR
Country: France
Location: Roubaix, Hauts-de-France
ASN: AS213412
Org: ONYPHE
Coords: 50.6925, 3.1783

VirusTotal

Not checked

WHOIS

description:
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb

raw:
inetnum:        91.196.152.0 - 91.196.152.255
geofeed:        https://www.onyphe.io/geofeed.csv
descr:          -----BEGIN TOKEN-----a98a05ac40ade1d4135ddd523e9353074e373301e28e7d88a7e6349edb03e450ee409b1aaa323d36638426dbd62e6793ac822688db8516dac3225ddbf3e04be5-----END TOKEN-----
remarks:        We are conducting Internet-scale network scanning to provide information
remarks:        for cyber defense purposes. We scan the full IPv4 address space and part
remarks:        of IPv6 address space. We are in no way targeting you specifically, you
remarks:        are just part of what is connected on the Internet. Our complete list
remarks:        of our IP ranges is available here: https://www.onyphe.io/ip-ranges.txt
remarks:        Opt-out by sending your IP ranges at: abuse at onyphe dot io
netname:        FR-ONYPHE-20221220
country:        FR
org:            ORG-OS381-RIPE
admin-c:        AA44525-RIPE
tech-c:         AA44525-RIPE
status:         ALLOCATED PA
mnt-by:         lir-fr-onyphe-1-MNT
mnt-by:         RIPE-NCC-HM-MNT
created:        2025-02-13T11:06:31Z
last-modified:  2025-03-09T09:40:40Z
source:         RIPE

organisation:   ORG-OS381-RIPE
org-name:       ONYPHE SAS
country:        FR
org-type:       LIR
address:        1 bis rue d'Ouessant - BP 96241
address:        35762
address:        SAINT GREGOIRE
address:        FRANCE
phone:          +33 (0) 972 66 1884
admin-c:        AA44525-RIPE
tech-c:         AA44525-RIPE
abuse-c:        AR77640-RIPE
mnt-ref:        lir-fr-onyphe-1-MNT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         lir-fr-onyphe-1-MNT
created:        2025-02-05T16:10:26Z
last-modified:  2025-02-06T10:40:19Z
source:         RIPE # Filtered

role:           Admin
address:        FRANCE
address:        SAINT GREGOIRE
address:        35762
address:        1 bis rue d'Ouessant - BP 96241
phone:          +33 (0) 972 66 1884
nic-hdl:        AA44525-RIPE
mnt-by:         lir-fr-onyphe-1-MNT
created:        2025-02-05T16:10:25Z
last-modified:  2025-02-14T13:05:35Z
source:         RIPE # Filtered

route:          91.196.152.0/24
origin:         AS213412
mnt-by:         lir-fr-onyphe-1-MNT
created:        2025-02-14T13:01:03Z
last-modified:  2025-02-14T13:01:03Z
source:         RIPE

references:
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 29 threat reports