IP Address

194.165.16.11

IPv4 Public
MC MC
AS48721
Flyservers S.A.
981 Reports
This IP is under Observation Suspicious activity detected - monitor closely
10/10 Threat
68% Confidence
981 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 10% High Threat
MC
MC Location
Flyservers S.A. ASN 48721
981 Reports
Honeypot Data Source

Maximum Danger

IP 194.165.16.11, registered in Monaco and operated by Flyservers S.A., is a critical-risk address that has accumulated 968 abuse reports across automated honeypot sensors and community sources since October 2025, with the most recent activity recorded in June 2026. With a threat level of 10/10 and a confidence score of 65%, this IP represents an aggressive and persistent threat actor engaging primarily in general hacking intrusions, web application attacks, and reconnaissance operations against exposed services.

The volume of reports for IP 194.165.16.11 places it among the most reported addresses in comparable threat-intelligence datasets, with detection spanning approximately nine months. Automated honeypot sensors contributed the vast majority of reports (18 sources), supplemented by 2 community-based submissions, indicating both automated scanning activity and deliberate targeting of specific infrastructure. The attack-pattern evidence linked to this IP includes CiscoASA port scan probes, web application reconnaissance, and Suricata alerts documenting anomalous application-layer traffic patterns. Defensive tools such as Fail2ban have already triggered blocks on drupal-enhanced configurations, suggesting attempts to exploit known CMS vulnerabilities. The geographic origin in Monaco and the AS48721 autonomous system operated by Flyservers S.A. provide network context for this sustained malicious activity.

The dominant threat categories observed for this IP reflect a multi-stage attack methodology commonly associated with pre-exploitation reconnaissance and initial compromise attempts. Port scanning activity indicates systematic enumeration of exposed services to identify entry points, while web application attacks suggest probing for vulnerabilities in internet-facing software including content management systems. The SQL injection and database injection attempts imply interest in data exfiltration or backdoor establishment if initial access is achieved. Collectively, these patterns indicate that IP 194.165.16.11 is operated by an actor conducting the reconnaissance and vulnerability-probing phases of an attack chain, with the intent to leverage discovered weaknesses for unauthorized access or data theft.

Site operators should treat connections from IP 194.165.16.11 as hostile and implement immediate blocking at the firewall or network perimeter. Deploying or strengthening a web application firewall will mitigate the observed web app probing and SQL injection attempts. Rate-limiting authentication endpoints and enforcing strong credential policies across content management systems reduces the effectiveness of brute-force activity. Regularly updating and patching internet-facing applications closes the exploitation pathways this IP is actively scanning for, and monitoring logs for the specific attack signatures documented here enables rapid incident response.

More threatening than 92% of monitored IPs

Threat Categories

Hacking 29
Web App Attack 6
Port Scan 4
WP Login Brute Force 1
WP Admin Brute Force 1

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 2 days indicates persistent threat actor operations.

First Observed 2. June 2026
Last Activity 4. June 2026
Recent (7 days) 7 incidents

Moderate Network Risk

The network hosting this IP (ASN 48721, operated by Flyservers S.A.) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 8/10 High
Confidence Score 68% High Confidence

Confidence History

20. Dec 2025 - 4. Jun 2026
68% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Web App Attack Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Port Scan Hacking Honeypot x2 75%
Web App Attack Hacking Honeypot x2 75%
Hacking Port Scan Honeypot x2 75%
Hacking Port Scan Honeypot x2 75%
Hacking Web App Attack Honeypot x2 75%
Web App Attack Hacking Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Web App Attack Hacking Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Port Scan Honeypot x2 75%
Web App Attack Hacking Honeypot x2 75%
WP Login Brute Force WP Admin Brute Force Honeypot 75%
10 of 981 shown

Technical Details

Basic Information

IP Address
194.165.16.11
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
MC MC
ASN
AS48721
ISP
Flyservers S.A.

DNS Information

Reverse DNS
ptr.flow-metric.com
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
981
First Reported
20 Oct 2025
Last Reported
4 Jun 2026, 00:31

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS48721
Flyservers S.A.
MC MC

Network Threat Assessment

6/10
This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

4
Total IPs Monitored
980
Total Reports
245
Reports per IP

Network Context

This IP address belongs to Flyservers S.A. (AS48721), which manages 4 IP addresses in our monitoring system. Out of these, 980 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

92 %

Global Threat Ranking

This IP is more threatening than 92% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,335 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 981 avg: 23 ++

Network Comparison

Compared against 7 IPs in ASN 48721

Threat Level 10/10 network avg: 6.4 ++
Total Reports 981 network avg: 143 ++
Network Flyservers S.A. has overall threat level 6/10

Geographic Comparison

Compared against 8 IPs in MC

Threat Level 10/10 country avg: 6.9 +
Total Reports 981 country avg: 126 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same subnet range, likely same network segment.

6 Related IPs
5.8/10 Avg Threat
32% Avg Confidence
5 High Threat
High-risk network: Majority of related IPs are flagged
194.165.16.16 7/10
Confidence 40%
Reports 2
Location MC MC
29 May 2026
194.165.16.47 7/10
Confidence 40%
Reports 2
Location MC MC
30 May 2026
194.165.16.18 7/10
Confidence 39%
Reports 2
Location MC MC
30 May 2026
194.165.16.8 7/10
Confidence 30%
Reports 12
Location MC MC
12 Feb 2026
194.165.16.22 0/10
Confidence 23%
Reports 1
Location MC MC
25 Mar 2026
194.165.16.71 7/10
Confidence 19%
Reports 1
Location MC MC
30 Sep 2025

IPs from the same country with similar threat profiles.

7 Related IPs
6.4/10 Avg Threat
35% Avg Confidence
6 High Threat
High-risk network: Majority of related IPs are flagged
95.181.233.13 10/10
Confidence 51%
Reports 3
ISP M247 Europe SRL
9 Jun 2026
194.165.16.16 7/10
Confidence 40%
Reports 2
ISP Flyservers S.A.
29 May 2026
194.165.16.47 7/10
Confidence 40%
Reports 2
ISP Flyservers S.A.
30 May 2026
194.165.16.18 7/10
Confidence 39%
Reports 2
ISP Flyservers S.A.
30 May 2026
194.165.16.8 7/10
Confidence 30%
Reports 12
ISP Flyservers S.A.
12 Feb 2026
194.165.16.22 0/10
Confidence 23%
Reports 1
ISP Flyservers S.A.
25 Mar 2026
194.165.16.71 7/10
Confidence 19%
Reports 1
ISP Flyservers S.A.
30 Sep 2025

IPs with similar threat level and confidence scores.

15 Related IPs
9.3/10 Avg Threat
68% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
159.69.99.156 10/10
Confidence 68%
Reports 4,561
Location DE DE
26 Mar 2026
66.132.153.60 10/10
Confidence 68%
Reports 1,351
Location US US
23 Mar 2026
66.132.153.61 10/10
Confidence 68%
Reports 1,298
Location US US
23 Mar 2026
66.132.153.63 10/10
Confidence 68%
Reports 1,290
Location US US
23 Mar 2026
66.132.153.57 10/10
Confidence 68%
Reports 1,228
Location US US
23 Mar 2026
66.132.153.52 10/10
Confidence 68%
Reports 1,173
Location US US
23 Mar 2026
91.92.242.109 10/10
Confidence 68%
Reports 876
Location NL NL
3 Apr 2026
77.83.39.156 7/10
Confidence 68%
Reports 718
Location UA UA
19 Mar 2026
164.92.205.72 10/10
Confidence 68%
Reports 494
Location DE DE
1 Nov 2025
204.76.203.192 10/10
Confidence 68%
Reports 458
Location NL NL
30 Sep 2025
178.62.53.116 10/10
Confidence 68%
Reports 450
Location GB GB
25 Oct 2025
142.93.141.251 10/10
Confidence 68%
Reports 386
Location NL NL
5 Feb 2026
62.60.130.65 7/10
Confidence 68%
Reports 346
Location IR IR
24 Mar 2026
45.183.247.34 8/10
Confidence 68%
Reports 323
Location CO CO
7 Nov 2025
107.189.22.56 7/10
Confidence 68%
Reports 304
Location NL NL
10 Mar 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "194.165.16.11",
    "threat_level": 10,
    "confidence_score": 68,
    "total_reports": 981,
    "country_code": "MC",
    "isp_name": "Flyservers S.A.",
    "asn": "48721",
    "first_reported": "2025-10-20 06:57:18",
    "last_reported": "2026-06-04 00:31:43",
    "exported_at": "2026-06-09T07:59:10+02:00",
    "source": "https://reportedip.de/ip/194.165.16.11/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses