IP Address

171.25.158.47

IPv4 Public
SE SE
AS35100
Patrik Lagerman
232 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
83% Confidence
232 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 5% Most Dangerous
SE
SE Location
Patrik Lagerman ASN 35100
232 Reports
Honeypot Data Source

Critical Threat

IP 171.25.158.47 is a critical-risk address linked to sustained SSH brute-force attacks, with 227 abuse reports and a confirmed 10/10 threat level supported by automated honeypot detection across multiple sensors spanning five months of documented malicious activity.

The Swedish IP, registered to AS35100 under operator Patrik Lagerman, has been actively targeting SSH services since January 2026, with the most recent reports received in May 2026. Automated honeypot sensors have logged 20 separate confirmations of brute-force login attempts originating from this address. Abstracted fail2ban telemetry reveals escalating violation counts across multiple honeypot instances, indicating persistent and repeated authentication attack campaigns rather than isolated scanning. The IP reputation for this address has been severely degraded by this concentrated, deliberate focus on compromising SSH credentials.

SSH brute-force attacks systematically attempt to gain unauthorized server access by cycling through username and password combinations, exploiting weak or default credentials on exposed SSH daemons. This attack vector poses a direct threat to any internet-facing Linux or Unix server running an accessible SSH service, as successful authentication grants the attacker a functional shell with the compromised user's privileges. The documented pattern of escalating violation counts demonstrates an active, determined adversary willing to sustain repeated login attempts over extended periods against multiple targets.

Site operators should immediately block IP 171.25.158.47 at the firewall level and monitor authentication logs for any matching connection attempts. Deploying fail2ban or equivalent intrusion-prevention tools to automatically ban IPs with excessive failed login attempts is strongly recommended. SSH configurations should enforce key-based authentication exclusively, disable direct root login, and consider moving the service to a non-default port to reduce exposure. Organizations with publicly accessible SSH services should implement account lockout policies and consider geographic or IP-based access restrictions where feasible.

More threatening than 95% of monitored IPs

Threat Categories

SSH 29
Hacking 3
Exploited Host 1

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 11. May 2026
Last Activity 8. June 2026
Recent (7 days) 4 incidents

Reputable Network

This IP is hosted on a network (ASN 35100) with generally good reputation. The ISP Patrik Lagerman maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 6/10 Moderate
Confidence Score 83% Verified

Confidence History

23. Apr 2026 - 8. Jun 2026
83% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Hacking Honeypot x2 75%
Exploited Host Honeypot 75%
Hacking SSH Honeypot x2 75%
SSH Hacking Honeypot x2 75%
10 of 232 shown

Technical Details

Basic Information

IP Address
171.25.158.47
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class B

Geolocation

Country
SE SE
ASN
AS35100
ISP
Patrik Lagerman

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
232
First Reported
22 Jan 2026
Last Reported
8 Jun 2026, 21:43

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS35100
Patrik Lagerman
SE SE

Network Threat Assessment

1/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

13
Total IPs Monitored
696
Total Reports
53.5
Reports per IP

Network Context

This IP address belongs to Patrik Lagerman (AS35100), which manages 13 IP addresses in our monitoring system. Out of these, 696 have been reported for suspicious activities, resulting in a network-wide threat level of 1/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

95 %

Global Threat Ranking

This IP is more threatening than 95% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,325 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 232 avg: 23 ++

Network Comparison

Compared against 14 IPs in ASN 35100

Threat Level 10/10 network avg: 8.9 =
Total Reports 232 network avg: 68 ++
Network Patrik Lagerman has overall threat level 1/10

Geographic Comparison

Compared against 1,018 IPs in SE

Threat Level 10/10 country avg: 5.6 ++
Total Reports 232 country avg: 19 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same subnet range, likely same network segment.

12 Related IPs
8.8/10 Avg Threat
83% Avg Confidence
10 High Threat
High-risk network: Majority of related IPs are flagged
171.25.158.58 10/10
Confidence 100%
Reports 56
Location SE SE
9 Jun 2026
171.25.158.24 10/10
Confidence 99%
Reports 71
Location SE SE
9 Jun 2026
171.25.158.82 10/10
Confidence 99%
Reports 67
Location SE SE
7 Jun 2026
171.25.158.80 10/10
Confidence 99%
Reports 37
Location SE SE
4 Jun 2026
171.25.158.74 10/10
Confidence 96%
Reports 86
Location SE SE
3 Jun 2026
171.25.158.70 10/10
Confidence 95%
Reports 124
Location SE SE
8 Jun 2026
171.25.158.68 10/10
Confidence 93%
Reports 94
Location SE SE
7 Jun 2026
171.25.158.57 10/10
Confidence 90%
Reports 115
Location SE SE
8 Jun 2026
171.25.158.53 10/10
Confidence 90%
Reports 15
Location SE SE
22 Apr 2026
171.25.158.73 10/10
Confidence 77%
Reports 53
Location SE SE
11 Apr 2026
171.25.158.54 0/10
Confidence 30%
Reports 1
Location SE SE
16 Mar 2026
171.25.158.113 6/10
Confidence 23%
Reports 1
Location SE SE
6 Jun 2026

IPs from the same country with similar threat profiles.

15 Related IPs
9.6/10 Avg Threat
98% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
192.109.200.101 8/10
Confidence 100%
Reports 266
ISP Pfcloud UG (haf...
9 Jun 2026
192.176.172.166 8/10
Confidence 100%
Reports 248
ISP Kepler Technolo...
1 Jun 2026
83.68.248.161 10/10
Confidence 100%
Reports 94
ISP Arkaden Konsult AB
8 Jun 2026
171.25.158.58 10/10
Confidence 100%
Reports 56
ISP Patrik Lagerman
9 Jun 2026
4.225.39.110 10/10
Confidence 100%
Reports 53
ISP Microsoft Corpo...
11 May 2026
192.109.200.237 10/10
Confidence 100%
Reports 35
ISP Pfcloud UG (haf...
18 May 2026
171.25.158.24 10/10
Confidence 99%
Reports 71
ISP Patrik Lagerman
9 Jun 2026
171.25.158.82 10/10
Confidence 99%
Reports 67
ISP Patrik Lagerman
7 Jun 2026
171.25.158.80 10/10
Confidence 99%
Reports 37
ISP Patrik Lagerman
4 Jun 2026
90.143.178.70 10/10
Confidence 97%
Reports 26
ISP Tele2 SWIPnet
2 Jun 2026
195.47.238.177 10/10
Confidence 96%
Reports 131
ISP No ACK Group Ho...
21 Jan 2026
171.25.158.74 10/10
Confidence 96%
Reports 86
ISP Patrik Lagerman
3 Jun 2026
195.47.238.91 8/10
Confidence 96%
Reports 77
ISP No ACK Group Ho...
21 Jan 2026
171.25.158.70 10/10
Confidence 95%
Reports 124
ISP Patrik Lagerman
8 Jun 2026
185.246.128.133 10/10
Confidence 94%
Reports 5,108
ISP w1n ltd
9 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.8/10 Avg Threat
83% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
2a01:04f8:c012:4640:0000:0000:0000:0001 10/10
Confidence 83%
Reports 19,889
Location DE DE
9 Jun 2026
207.90.244.21 8/10
Confidence 83%
Reports 12,272
Location US US
9 Jun 2026
207.90.244.22 8/10
Confidence 83%
Reports 12,092
Location US US
9 Jun 2026
147.182.202.179 8/10
Confidence 83%
Reports 7,631
Location US US
9 Jun 2026
130.12.181.108 8/10
Confidence 83%
Reports 3,208
Location DE DE
6 Jun 2026
130.12.181.100 8/10
Confidence 83%
Reports 3,068
Location DE DE
6 Jun 2026
2.57.122.208 10/10
Confidence 83%
Reports 2,772
Location RO RO
13 May 2026
137.184.190.246 8/10
Confidence 83%
Reports 1,973
Location US US
9 Jun 2026
80.94.92.71 10/10
Confidence 83%
Reports 1,718
Location RO RO
3 Jun 2026
64.62.197.197 8/10
Confidence 83%
Reports 581
Location US US
9 Jun 2026
80.94.92.184 10/10
Confidence 83%
Reports 577
Location RO RO
4 Jun 2026
65.49.1.162 8/10
Confidence 83%
Reports 562
Location US US
9 Jun 2026
167.94.146.49 8/10
Confidence 83%
Reports 552
Location US US
9 Jun 2026
77.90.185.17 10/10
Confidence 83%
Reports 448
Location DE DE
9 Jun 2026
14.18.190.138 10/10
Confidence 83%
Reports 437
Location CN CN
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "171.25.158.47",
    "threat_level": 10,
    "confidence_score": 83,
    "total_reports": 232,
    "country_code": "SE",
    "isp_name": "Patrik Lagerman",
    "asn": "35100",
    "first_reported": "2026-01-22 06:21:25",
    "last_reported": "2026-06-08 21:43:12",
    "exported_at": "2026-06-09T07:53:50+02:00",
    "source": "https://reportedip.de/ip/171.25.158.47/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses