Critical Alert
IP 91.231.89.81 is a high-risk address linked to sustained hacking activity, operated by ONYPHE SAS under ASN AS213412 in France, with a maximum threat level of 10/10 based on 550 total abuse reports filed over approximately ten months between August 2025 and June 2026. The IP demonstrates an activity frequency rating of 8/10, indicating persistent and repeated malicious engagement rather than isolated scanning bursts. All recent reports categorise the observed activity as hacking-related intrusion attempts, making this one of the most actively reported addresses in the dataset during the specified timeframe.
The detection evidence is substantial: automated honeypot sensors across the network logged the full volume of 550 reports, with every one of the twenty most recent submissions confirming hacking activity. The 73% confidence score reflects strong attribution consensus among detection sources despite the inherent challenges of identifying intent definitively from network telemetry alone. The sustained report rate over a multi-month window, combined with one-directional protocol anomalies detected by sensor rules, paints a consistent picture of systematic probing behaviour targeting exposed services.
The dominant hacking classification encompasses a broad range of intrusion techniques, including vulnerability scanning, exploitation attempts, and unauthorised access probes. Attack patterns observed include anomalous protocol detection flags where automated sensors identified communication occurring in only one direction—a hallmark of reconnaissance sweeps where threat actors probe target infrastructure before escalating to more targeted exploitation. For any exposed service, this pattern represents a concrete precursor to more damaging compromise attempts, as reconnaissance data gathered during these sweeps can inform subsequent credential stuffing or exploit delivery campaigns.
Site operators should implement immediate blocking of 91.231.89.81 at network perimeter devices such as firewalls or intrusion prevention systems. Deploying automated defensive tools like fail2ban can detect and auto-respond to similar brute-force patterns in real time. Rate-limiting incoming connections on exposed administrative interfaces and enforcing strong, unique credentials on all remote access services significantly reduces the effectiveness of these intrusion attempts. Ongoing monitoring for related scanning signatures and periodic review of blocklists ensures protection against the persistent threat this IP represents.