Check an IP Address, Domain Name, Subnet, or ASN

91.230.168.47 was found in our database!

$ whois 91.230.168.47

country·🇺🇸 United States

city·Hillsboro

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.230.168.47scoring →

confidence

53%Medium

first_seen·Feb 7, 2026

last_seen·1h ago

sessions·23

events·29

$ sikker protocols 91.230.168.47

RTSP

2 / 6

SSH

4 / 4

FTP

2 / 3

HTTP

3 / 3

MSSQL

3 / 3

POSTGRES

3 / 3

SMTP

1 / 2

HTTPS

2 / 2

RDP

1 / 1

SMB

1 / 1

IMAP

1 / 1

$ sikker summary 91.230.168.47

91.230.168.47 has a threat confidence score of 53%. This IP address from United States (AS213412, ONYPHE SAS) has been observed in 23 honeypot sessions targeting RTSP, SSH, FTP, HTTP, MSSQL and 6 other protocols. First observed on February 7, 2026, most recently active March 25, 2026.

$ sikker behaviors 91.230.168.47catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 91.230.168.47

rtsp_options1 http_method_get1 https_path_root1

$ sikker related 91.230.168.47

🇺🇸·More threats fromUnited States→AS·More threats fromONYPHE SAS→RTSP·More threats targetingRTSP→SSH·More threats targetingSSH→FTP·More threats targetingFTP→HTTP·More threats targetingHTTP→MSSQ·More threats targetingMSSQL→POST·More threats targetingPOSTGRES→SMTP·More threats targetingSMTP→HTTP·More threats targetingHTTPS→RDP·More threats targetingRDP→SMB·More threats targetingSMB→IMAP·More threats targetingIMAP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.196.152.244	59%	24
91.196.152.203	57%	25
91.231.89.15	69%	84
91.231.89.130	67%	83
94.231.206.252	75%	184

IP Address	Confidence	Events
96.93.15.20	92%	204
45.61.184.223	99%	12,165
20.169.85.114	46%	547
92.118.39.63	100%	57,018
162.216.150.42	77%	174