IP · Medium · Signal 54/100
91.231.89.165
Location
Gravelines, Hauts-de-France
ASN
AS213412
ONYPHE
First Seen
Jul 11, 2025
Last Seen
Jun 10, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
France
Region
Gravelines, Hauts-de-France
ASN
AS213412
Organization
ONYPHE
Feed Intelligence Summary
16 reports · 54% confidence
16
Source reports
54%
Confidence score
Category tags
abuse, active scan, active scanning, actor list, agent, alert, application layer protocol, apt, attack, australia, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute-force, brute_force, c2, c2 communication, cins active, cisco device, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, command & control, command and control, communication protocol, conpot activity, conpot exploitation, conpot honeypot, cowrie, cowrie activity, cowrie attack, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential_access, cve, cve exploitation, data encryption, data exfiltration, data store exposure, database attack, ddos, ddos attack, ddos attack preparation, decoy system, denial of service, device management, dionaea, dionaea activity, dionaea attack, dionaea honeypot, distributed attacks, dns, dns attack, dshield block, encryption, enterprise networking, et drop, europe, exploit, exploit kit, exploitation, exploitation activity, exploited host, fatt, fr, france, fraud voip, ftp, ftp brute force, hacking, honeytrap honeypot, http scanner, https, icmp, ics security, identity & access exploitation, inbound scan, indicator, industrial control systems, initial access, injection activity, iot device targeting, iot security, iot/ics attack, irc, lamp, lamp stack attack, lateral movement, listed source, mailoney honeypot, malicious activity, malicious software, malicious traffic, malicious_activity, malware, malware behaviour, malware capture, malware distribution, malware propagation, misp threat, network, network discovery, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network scanning, network security, network service scanning, network traffic analysis, network_intrusion, oceania, onyphe-benign, open threat, otx pulsenameti, p0f, password attacks, phishing, phishing attack, phishing trapping, pinyin, pla unit, poor reputation, port, privilege escalation, process injection, proto, protocol exploitation, ransomware, reconnaissance, remote access, remote services, remote system discovery, researched, resource hijacking, sans, scams & fraud, scanner, scanning activity, scripting attacks, sensor-tagged, sentrypeer botnet, service scan, sftp access attempt, sftp attack, sip attacks, sip brute force, sip scanning, sip vulnerability scan, smtp, social engineering, spam, ssh, ssh attack, ssh monitoring, system access, system discovery, t-pot, t1018, t1021, t1021.001, t1040, t1041, t1046, t1053, t1055, t1059, t1059.007, t1071, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat intelligence feed, ti advisory, tor node, tpot, tpotce, tsoc, unit cover, verified-benign, vnc protocol, voip, voip attack, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web application scanning, web attack, web exploit, web exploitation, web spam, web traffic
Activity Timeline
Jun 10
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
54
SIGNAL
Signal Score
54%
Confidence
16
Reports
First seen: Jul 11, 2025
Last seen: Jun 10, 2026
Geolocation: FR
Country: France
Location: Gravelines, Hauts-de-France
ASN: AS213412
Org: ONYPHE
Coords: 50.9871, 2.1255
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan, abuseipdb:reported. 91.231.89.165 classified as automated brute-force attacker targeting SSH/Telnet credentials (high confidence). Origin: enriched. Listed on: FireHOL (firehol_level3); AbuseIPDB (brute-force, critical, exploited-host).
- raw
inetnum: 91.231.89.0 - 91.231.89.255
geofeed: https://www.onyphe.io/geofeed.csv
remarks: We are conducting Internet-scale network scanning to provide information
remarks: for cyber defense purposes. We scan the full IPv4 address space and part
remarks: of IPv6 address space. We are in no way targeting you specifically, you
remarks: are just part of what is connected on the Internet. Our complete list
remarks: of our IP ranges is available here: https://www.onyphe.io/ip-ranges.txt
remarks: Opt-out by sending your IP ranges at: abuse at onyphe dot io
descr: -----BEGIN TOKEN-----a98a05ac40ade1d4135ddd523e9353074e373301e28e7d88a7e6349edb03e450ee409b1aaa323d36638426dbd62e6793ac822688db8516dac3225ddbf3e04be5-----END TOKEN-----
netname: FR-ONYPHE-20191111
country: FR
org: ORG-OS381-RIPE
admin-c: AA44525-RIPE
tech-c: AA44525-RIPE
status: ALLOCATED PA
mnt-by: lir-fr-onyphe-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2025-05-09T12:36:09Z
last-modified: 2025-05-09T13:08:59Z
source: RIPE

organisation: ORG-OS381-RIPE
org-name: ONYPHE SAS
country: FR
org-type: LIR
address: 1 bis rue d'Ouessant - BP 96241
address: 35762
address: SAINT GREGOIRE
address: FRANCE
phone: +33 (0) 972 66 1884
admin-c: AA44525-RIPE
tech-c: AA44525-RIPE
abuse-c: AR77640-RIPE
mnt-ref: lir-fr-onyphe-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-fr-onyphe-1-MNT
created: 2025-02-05T16:10:26Z
last-modified: 2025-02-06T10:40:19Z
source: RIPE # Filtered

role: Admin
address: FRANCE
address: SAINT GREGOIRE
address: 35762
address: 1 bis rue d'Ouessant - BP 96241
phone: +33 (0) 972 66 1884
nic-hdl: AA44525-RIPE
mnt-by: lir-fr-onyphe-1-MNT
created: 2025-02-05T16:10:25Z
last-modified: 2025-02-14T13:05:35Z
source: RIPE # Filtered

route: 91.231.89.0/24
origin: AS213412
mnt-by: lir-fr-onyphe-1-MNT
created: 2025-05-09T12:50:16Z
last-modified: 2025-05-09T12:50:16Z
source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
medium · First detected 11 months ago · Last seen today
Appeared in 16 threat reports