Critical Alert
IP 91.231.89.247 is a critical-risk address linked to sustained hacking activity, having generated 199 abuse reports from automated honeypot sensors between December 2025 and June 2026, with a threat level of 10 out of 10 indicating severe and confirmed malicious behavior.
The evidence base for this assessment is substantial: 20 distinct hacking-related reports were recorded, with an activity frequency rating of 8 out of 10 suggesting near-continuous engagement in hostile operations. The 85% confidence score reflects strong analytical consensus that this IP is intentionally conducting unauthorized access attempts rather than exhibiting benign traffic patterns. The address is geolocated in France and operates through AS213412 under the network operator ONYPHE SAS. The consistent detection window spanning approximately six months demonstrates persistent rather than opportunistic behavior. The sustained volume of reports combined with the maximum threat score firmly establishes this address as a confirmed source of malicious probing activity targeting exposed services.
The dominant threat category, general hacking activity, encompasses a spectrum of intrusion techniques including vulnerability exploitation, authentication brute-forcing, and systematic scanning for entry points into target systems. With 199 total reports and sustained detection over six months, this IP poses a concrete risk to any exposed service, particularly those relying on weak authentication mechanisms or unpatched software. The consistent pattern of connection attempts indicates automated scanning tools are being leveraged to identify and compromise vulnerable targets at scale, amplifying the potential impact across multiple victim networks simultaneously.
Site operators should implement immediate defensive measures including blocking or rate-limiting connections from this IP at the firewall level, enforcing strong password policies and multi-factor authentication on all accessible services, maintaining rigorous security patching cycles to eliminate known vulnerabilities, and deploying intrusion detection systems or fail2ban-style tools to automatically mitigate repeated attack patterns. Continuous monitoring of authentication logs for brute-force signatures is strongly recommended to detect emerging threats in real time and maintain situational awareness of scanning activity from this and similar hostile addresses.