Maximum Danger
IP address 91.230.168.136 is rated a high-risk source, with a maximum threat level of 10 out of 10 and a 94% confidence score, based on 158 total abuse reports submitted through automated honeypot sensors. The dominant activity associated with this address is hacking behavior, including intrusion attempts and exploitation of vulnerable services. This IP has demonstrated persistent, high-frequency hostile activity over a six-month period, making it a clear candidate for immediate blocking at the network perimeter.
The address routes through AS213412, operated by ONYPHE SAS, a network entity registered in the United States. Automated honeypot sensors logged activity from January 2026 through June 2026, yielding a consistent stream of reports with an activity frequency rating of 8 out of 10. The volume and regularity of these detections indicate automated scanning infrastructure rather than opportunistic manual probing, suggesting the operator behind this address systematically sweeps targets across multiple networks simultaneously.
The hacking activity attributed to 91.230.168.136 encompasses various intrusion patterns, including connection attempts targeting exposed services in hopes of exploiting known vulnerabilities or misconfigurations. Such automated attacks pose tangible risks to any organization running unpatched software, default credentials, or exposed administrative interfaces. If successful, these intrusion attempts can lead to unauthorized data access, lateral movement within networks, or recruitment of assets into botnets.
Network defenders should treat this IP as hostile and implement defensive controls accordingly. Recommended measures include adding 91.230.168.136 to deny lists at the firewall or edge device level, implementing rate-limiting on authentication endpoints to slow brute-force attempts, and deploying fail2ban or similar tools to automatically ban repeated offenders. Organizations should also audit exposed services for patch currency, enforce multi-factor authentication on administrative accounts, and monitor logs for patterns consistent with the connection behavior observed from this source. Regular review of inbound traffic against emerging abuse feeds will help maintain protection as threat landscapes evolve.