Check an IP Address, Domain Name, Subnet, or ASN

91.231.89.55 was found in our database!

$ whois 91.231.89.55

country·🇫🇷 France

city·Gravelines

isp·ONYPHE SAS

asn·AS213412

network·Standard

$ sikker risk 91.231.89.55scoring →

confidence

83%Very High

first_seen·Jan 21, 2026

last_seen·1h ago

first_reported·Mar 8, 2026

last_reported·8d ago

sessions·54

events·76

reports·1

$ sikker protocols 91.231.89.55

SSH

9 / 15

HTTPS

9 / 12

REDIS

2 / 8 / 1r

HTTP

5 / 7

FTP

4 / 5

SMB

4 / 5

IMAP

5 / 5

TELNET

4 / 5

SMTP

4 / 4

ELASTICSEARCH

4 / 4

RTSP

1 / 3

SIP

2 / 2

POSTGRES

1 / 1

$ sikker summary 91.231.89.55

91.231.89.55 has a threat confidence score of 83%. This IP address from France (AS213412, ONYPHE SAS) has been observed in 54 honeypot sessions and reported 1 times targeting SSH, HTTPS, REDIS, HTTP, FTP and 8 other protocols. First observed on January 21, 2026, most recently active March 17, 2026.

$ sikker behaviors 91.231.89.55catalog →

lowRtsp Options Probe1x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

infoHttps Root Path Request5x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe2x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoFtp Tls Negotiation And Disconnect1x

FTP session where the client issues AUTH TLS to upgrade the connection to TLS and then terminates the session with QUIT without performing further commands. This reflects minimal interaction limited to encryption negotiation and immediate disconnect, commonly observed in capability testing or automated probing.

$ sikker primitives 91.231.89.55

https_path_root5 elastic_http_get_request4 rtsp_options3 http_method_get3 empty_ftp_command2 http_path_bad_request2 elastic_root_path_probe2 elastic_http_favicon_path_probe2 ftp_auth_tls1 ftp_session_quit1

$ sikker reports 91.231.89.55submit →

Showing 1 of 1 report from 1 contributor

Reporter	Date	Category	Protocol	Comment
User	Mar 8, 2026, 15:12	Brute Force	REDIS	SikkerGuard: 2 blocked packets

$ sikker related 91.231.89.55

Report IP WHOIS Lookup →

IP Address	Confidence	Events
91.230.168.120	66%	66
91.230.168.123	66%	79
91.231.89.7	71%	70
91.231.89.110	70%	68
91.230.168.34	72%	88

IP Address	Confidence	Events
163.5.241.86	86%	3,919
185.255.126.181	80%	390
54.38.94.109	98%	29,271
51.91.168.102	99%	606,226
5.39.101.60	100%	49,557