Check an IP Address, Domain Name, Subnet, or ASN

91.231.89.205 was found in our database!

$ whois 91.231.89.205

country·🇫🇷 France

city·Gravelines

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.231.89.205scoring →

confidence

69%High

first_seen·Jan 20, 2026

last_seen·1h ago

sessions·64

events·89

$ sikker protocols 91.231.89.205

SMTP

7 / 15

SSH

7 / 10

HTTPS

6 / 9

HTTP

5 / 8

DOCKER

6 / 8

SIP

4 / 7

IMAP

6 / 7

FTP

6 / 6

POSTGRES

5 / 5

SMB

3 / 3

WINRM

1 / 3

ELASTICSEARCH

3 / 3

RTSP

2 / 2

REDIS

2 / 2

TELNET

1 / 1

$ sikker summary 91.231.89.205

91.231.89.205 has a threat confidence score of 69%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 64 honeypot sessions targeting SMTP, SSH, HTTPS, HTTP, DOCKER and 10 other protocols. First observed on January 20, 2026, most recently active March 21, 2026.

$ sikker behaviors 91.231.89.205catalog →

infoHttp Root Path Request3x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoSmtp Tls Capability Probe3x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

infoFtp Tls Negotiation And Disconnect2x

FTP session where the client issues AUTH TLS to upgrade the connection to TLS and then terminates the session with QUIT without performing further commands. This reflects minimal interaction limited to encryption negotiation and immediate disconnect, commonly observed in capability testing or automated probing.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 91.231.89.205

smtp_ehlo_greeting9 smtp_starttls_upgrade_request9 docker_get_method6 http_method_get3 elastic_http_get_request3 ftp_auth_tls2 ftp_session_quit2 https_path_root1 docker_bad_request_uri1 elastic_root_path_probe1 elastic_http_favicon_path_probe1 elastic_http_bad_request_path_probe1 redis_command_http_connection_close1

$ sikker related 91.231.89.205

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.231.89.183	61%	116
91.231.89.59	78%	95
91.231.89.179	66%	64
91.231.89.57	73%	85
91.196.152.11	61%	60

IP Address	Confidence	Events
51.91.168.102	99%	629,465
51.83.143.139	90%	71,885
54.38.41.116	87%	24,773
185.249.225.96	95%	497
173.249.46.143	76%	1,583