IP Address

87.120.191.23

IPv4 Public
US US
AS215925
Vpsvault.host Ltd
457 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
94% Confidence
457 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 5% Most Dangerous
US
US Location
Vpsvault.host Ltd ASN 215925
457 Reports
Honeypot Data Source

Critical Alert

IP 87.120.191.23 is a critical-risk address associated with 457 documented abuse reports for hacking activity, representing one of the most dangerous IPs recently flagged in automated honeypot detection systems. With a threat level of 10/10 and a 94% confidence score, this address operated by Vpsvault.host Ltd via AS215925 has been actively targeting vulnerable services since November 2025, with the most recent reports filed in December 2025.

The volume and consistency of malicious traffic originating from this IP are significant. All 457 reports were generated by automated honeypot sensors, indicating sustained, automated attack infrastructure rather than opportunistic scanning. While activity frequency is measured at 3/10, the sheer number of independent detections over a two-month period demonstrates persistent probing behavior. The geographic location in the United States and the VPS hosting provider association suggest this is a commercial or state-sponsored operation rather than a compromised end-user device, increasing the likelihood of sophisticated evasion techniques.

Hacking activity encompasses a broad spectrum of intrusion methodologies including vulnerability exploitation, credential attacks, and unauthorized system access attempts. This classification indicates the address has been observed executing concrete exploitation sequences rather than mere reconnaissance, posing direct risk to any exposed service. Organizations running outdated software or misconfigured network services face the highest exposure to compromise through such infrastructure.

Site operators should immediately block this IP at the firewall level and implement automated blocking via tools such as fail2ban to prevent repeated connection attempts. Maintaining strict patching schedules for all internet-facing services eliminates the vulnerabilities most commonly targeted by this threat category. Deploying network-level intrusion detection and establishing real-time abuse report monitoring provides additional layers of defense against ongoing and future targeting from similar infrastructure.

More threatening than 98% of monitored IPs

Threat Categories

Hacking 30

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Reputable Network

This IP is hosted on a network (ASN 215925) with generally good reputation. The ISP Vpsvault.host Ltd maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 3/10 Low
Confidence Score 59% High Confidence

Confidence History

26. Dec 2025 - 29. Dec 2025
94% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
10 of 457 shown

Technical Details

Basic Information

IP Address
87.120.191.23
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
US US
ASN
AS215925
ISP
Vpsvault.host Ltd

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
457
First Reported
21 Nov 2025
Last Reported
29 Dec 2025, 05:03

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS215925
Vpsvault.host Ltd
US US

Network Threat Assessment

3/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

119
Total IPs Monitored
27,203
Total Reports
228.6
Reports per IP

Network Context

This IP address belongs to Vpsvault.host Ltd (AS215925), which manages 119 IP addresses in our monitoring system. Out of these, 27,203 have been reported for suspicious activities, resulting in a network-wide threat level of 3/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

98 %

Global Threat Ranking

This IP is more threatening than 98% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,335 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 457 avg: 23 ++

Network Comparison

Compared against 157 IPs in ASN 215925

Threat Level 10/10 network avg: 8.4 +
Total Reports 457 network avg: 184 ++
Network Vpsvault.host Ltd has overall threat level 3/10

Geographic Comparison

Compared against 38,426 IPs in US

Threat Level 10/10 country avg: 5.9 ++
Total Reports 457 country avg: 41 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9/10 Avg Threat
96% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
87.121.84.30 8/10
Confidence 100%
Reports 295
Location US US
20 Apr 2026
87.121.84.81 8/10
Confidence 99%
Reports 152
Location US US
20 Apr 2026
87.121.84.126 8/10
Confidence 97%
Reports 259
Location US US
20 Apr 2026
87.121.84.80 10/10
Confidence 97%
Reports 210
Location US US
21 Apr 2026
87.121.84.82 8/10
Confidence 97%
Reports 209
Location US US
21 Apr 2026
87.121.84.127 8/10
Confidence 97%
Reports 195
Location US US
21 Apr 2026
87.121.84.119 8/10
Confidence 97%
Reports 162
Location US US
21 Apr 2026
87.121.84.121 8/10
Confidence 97%
Reports 149
Location US US
21 Apr 2026
87.121.84.125 8/10
Confidence 97%
Reports 112
Location US US
20 Apr 2026
87.121.84.130 8/10
Confidence 97%
Reports 110
Location US US
21 Apr 2026
87.121.84.120 8/10
Confidence 96%
Reports 129
Location US US
20 Apr 2026
45.205.1.110 10/10
Confidence 94%
Reports 2,318
Location US US
20 May 2026
45.198.224.18 10/10
Confidence 94%
Reports 1,072
Location US US
9 Jun 2026
45.198.224.5 10/10
Confidence 94%
Reports 882
Location US US
9 Jun 2026
45.205.1.8 10/10
Confidence 94%
Reports 704
Location US US
12 May 2026
45.205.1.26 10/10
Confidence 94%
Reports 312
Location US US
4 May 2026
87.121.84.40 10/10
Confidence 94%
Reports 188
Location US US
20 May 2026
87.121.84.51 10/10
Confidence 94%
Reports 65
Location US US
6 Feb 2026
45.198.224.138 10/10
Confidence 94%
Reports 64
Location US US
7 Jun 2026
45.198.224.85 10/10
Confidence 94%
Reports 52
Location US US
2 Jun 2026

IPs from the same subnet range, likely same network segment.

20 Related IPs
8.5/10 Avg Threat
53% Avg Confidence
17 High Threat
High-risk network: Majority of related IPs are flagged
87.120.191.124 10/10
Confidence 77%
Reports 547
Location US US
5 Dec 2025
87.120.191.125 10/10
Confidence 75%
Reports 301
Location US US
29 Nov 2025
87.120.191.65 10/10
Confidence 66%
Reports 720
Location US US
1 Mar 2026
87.120.191.81 10/10
Confidence 66%
Reports 156
Location US US
19 Feb 2026
87.120.191.84 10/10
Confidence 65%
Reports 52
Location US US
5 Nov 2025
87.120.191.37 10/10
Confidence 64%
Reports 122
Location US US
18 Oct 2025
87.120.191.91 10/10
Confidence 64%
Reports 25
Location US US
13 Oct 2025
87.120.191.13 10/10
Confidence 63%
Reports 13,131
Location US US
19 Feb 2026
87.120.191.93 10/10
Confidence 61%
Reports 15
Location US US
22 Mar 2026
87.120.191.67 10/10
Confidence 58%
Reports 309
Location US US
24 Feb 2026
87.120.191.121 10/10
Confidence 58%
Reports 10
Location US US
18 Nov 2025
87.120.191.94 10/10
Confidence 48%
Reports 8
Location US US
29 Nov 2025
87.120.191.6 10/10
Confidence 44%
Reports 9
Location US US
24 Aug 2025
87.120.191.127 0/10
Confidence 40%
Reports 2
Location US US
19 Mar 2026
87.120.191.21 10/10
Confidence 39%
Reports 4
Location US US
29 Nov 2025
87.120.191.90 10/10
Confidence 38%
Reports 5
Location US US
13 Oct 2025
87.120.191.97 0/10
Confidence 38%
Reports 2
Location US US
27 Mar 2026
87.120.191.70 10/10
Confidence 36%
Reports 7
Location US US
1 Oct 2025
87.120.191.104 10/10
Confidence 33%
Reports 6
Location US US
16 Oct 2025
87.120.191.53 0/10
Confidence 30%
Reports 2
Location US US
8 Feb 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
208.109.188.137 8/10
Confidence 100%
Reports 514
ISP GO-DADDY-COM-LLC
9 Jun 2026
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.7/10 Avg Threat
94% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
193.32.162.28 10/10
Confidence 94%
Reports 5,435
Location RO RO
25 May 2026
51.68.207.118 10/10
Confidence 94%
Reports 5,251
Location FR FR
9 Jun 2026
185.246.128.133 10/10
Confidence 94%
Reports 5,108
Location SE SE
9 Jun 2026
185.233.247.245 8/10
Confidence 94%
Reports 3,686
Location TR TR
6 Jun 2026
49.12.27.102 10/10
Confidence 94%
Reports 3,548
Location DE DE
8 Jun 2026
128.199.240.7 10/10
Confidence 94%
Reports 3,512
Location SG SG
25 May 2026
162.55.119.195 10/10
Confidence 94%
Reports 3,404
Location DE DE
30 Apr 2026
66.132.172.162 10/10
Confidence 94%
Reports 3,321
Location US US
9 Jun 2026
66.132.172.165 10/10
Confidence 94%
Reports 3,320
Location US US
9 Jun 2026
66.132.172.175 10/10
Confidence 94%
Reports 3,314
Location US US
9 Jun 2026
66.132.172.164 10/10
Confidence 94%
Reports 3,304
Location US US
9 Jun 2026
66.132.172.167 10/10
Confidence 94%
Reports 3,299
Location US US
9 Jun 2026
66.132.172.171 10/10
Confidence 94%
Reports 3,284
Location US US
9 Jun 2026
66.132.172.160 8/10
Confidence 94%
Reports 3,269
Location US US
9 Jun 2026
66.132.172.161 10/10
Confidence 94%
Reports 3,268
Location US US
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "87.120.191.23",
    "threat_level": 10,
    "confidence_score": 94,
    "total_reports": 457,
    "country_code": "US",
    "isp_name": "Vpsvault.host Ltd",
    "asn": "215925",
    "first_reported": "2025-11-21 20:28:51",
    "last_reported": "2025-12-29 05:03:49",
    "exported_at": "2026-06-09T07:59:05+02:00",
    "source": "https://reportedip.de/ip/87.120.191.23/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses