diff --git a/cipherscan b/cipherscan
index 1cb26d1..b560052 100755
--- a/cipherscan
+++ b/cipherscan
@@ -1531,7 +1531,10 @@ if [[ $VERBOSE != 0 ]] ; then
 fi
 
 SCLIENTARGS="${PARAMS[*]}"
-if [[ $SNI == "True" ]]; then
+# only append the SNI:
+# if the target is a hostname by validating the tld
+# if -servername was not supplied by the user
+if [[ $SNI == "True"  && $sni_target =~ \.[a-z]{1,20}$ && ! $SCLIENTARGS =~ servername ]]; then
     SCLIENTARGS="$SCLIENTARGS -servername $sni_target"
 fi
 debug "sclientargs: $SCLIENTARGS"