IP Address

64.188.91.248

IPv4 Public
DE DE
AS215730
H2nexus Ltd
2,232 Reports
This IP is under Observation Suspicious activity detected - monitor closely
10/10 Threat
63% Confidence
2,232 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 10% High Threat
DE
DE Location
H2nexus Ltd ASN 215730
2,232 Reports
Honeypot Data Source

Maximum Danger

IP 64.188.91.248 is a high-risk address associated with VNC brute-force attacks and broader hacking activity, accumulating 2,232 abuse reports from automated honeypot sensors within a three-month window from January to March 2026, making it a clear candidate for blocking at the network perimeter.

The address operates through AS215730 under H2nexus Ltd and is geolocated in Germany, a jurisdiction that does not inherently suggest malicious hosting; however, the concentration of 22 distinct threat events across 20 separate honeypot detection points indicates deliberate, systematic scanning behaviour rather than incidental traffic. The dominant detection signature, flagged by Suricata as a broken-ack stream anomaly during a VNC brute-force attempt, aligns precisely with the 20 hacking-category reports and 2 brute-force-specific reports submitted during this period.

VNC brute-force activity represents a concrete and immediate threat to any exposed remote desktop services. Attackers using this method systematically iterate authentication credentials against VNC servers, which frequently lack adequate rate-limiting or lockout protections. Successful compromise grants direct graphical access to internal systems, enabling lateral movement, data exfiltration or deployment of follow-on malware. The broken-ack stream signature suggests the attacking client is deliberately fragmenting or mangling TCP handshake packets to evade basic detection or exploit stateful-inspection gaps.

Site operators with publicly accessible VNC or similar remote-access services should immediately block 64.188.91.248 at the firewall or edge device, implement strict port-access controls on TCP 5900-range services, and enforce strong, non-default credentials alongside multi-factor authentication where feasible. Deploying fail2ban or equivalent log-analysis tools to automatically ban sources exhibiting brute-force patterns will reduce long-term exposure. Regular review of authentication logs for source-IP concentration from this address, combined with intrusion-detection alerting, provides essential situational awareness.

More threatening than 91% of monitored IPs

Threat Categories

Hacking 30
Brute-Force 2

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Reputable Network

This IP is hosted on a network (ASN 215730) with generally good reputation. The ISP H2nexus Ltd maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 0/10 Inactive
Confidence Score 60% High Confidence

Confidence History

27. Feb 2026 - 3. Mar 2026
63% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Brute-Force Honeypot x2 75%
Hacking Brute-Force Honeypot x2 75%
Hacking Honeypot x8 75%
Hacking Honeypot x224 75%
Hacking Honeypot x235 75%
Hacking Honeypot x21 75%
Hacking Honeypot x138 75%
Hacking Honeypot x116 75%
Hacking Honeypot x55 75%
Hacking Honeypot x108 75%
Hacking Honeypot x81 75%
Hacking Honeypot x54 75%
Hacking Honeypot 75%
Hacking Honeypot x32 75%
Hacking Honeypot x59 75%
Hacking Honeypot x39 75%
Hacking Honeypot x194 75%
Hacking Honeypot x258 75%
Hacking Honeypot x72 75%
Hacking Honeypot x53 75%
Hacking Honeypot 75%
Hacking Honeypot x101 75%
Hacking Honeypot x122 75%
Hacking Honeypot x184 75%
Hacking Honeypot x67 75%
Hacking Honeypot x4 75%
Hacking Honeypot x46 75%
Hacking Honeypot x72 75%
Hacking Honeypot x103 75%
Hacking Honeypot x76 75%
10 of 2232 shown

Technical Details

Basic Information

IP Address
64.188.91.248
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
DE DE
ASN
AS215730
ISP
H2nexus Ltd

DNS Information

Reverse DNS
s279923.love-is.nexus
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
2,232
First Reported
20 Jan 2026
Last Reported
3 Mar 2026, 14:16

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS215730
H2nexus Ltd
DE DE

Network Threat Assessment

3/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

25
Total IPs Monitored
4,266
Total Reports
170.6
Reports per IP

Network Context

This IP address belongs to H2nexus Ltd (AS215730), which manages 25 IP addresses in our monitoring system. Out of these, 4,266 have been reported for suspicious activities, resulting in a network-wide threat level of 3/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

91 %

Global Threat Ranking

This IP is more threatening than 91% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,828 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 2,232 avg: 23 ++

Network Comparison

Compared against 32 IPs in ASN 215730

Threat Level 10/10 network avg: 6.1 ++
Total Reports 2,232 network avg: 134 ++
Network H2nexus Ltd has overall threat level 3/10

Geographic Comparison

Compared against 7,147 IPs in DE

Threat Level 10/10 country avg: 5.8 ++
Total Reports 2,232 country avg: 61 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,519 threat incidents tracked globally • Last 24h: 18,988 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,480 20.5%
  2. 02
    IN
    India IN
    29,193 15.6%
  3. 03
    CN
    China CN
    26,036 13.9%
  4. 04
    BR
    Brazil BR
    10,259 5.5%
  5. 05
    DE
    Germany DE THIS IP
    7,147 3.8%
  6. 06
    SG
    Singapore SG
    6,479 3.5%
  7. 07
    ID
    Indonesia ID
    5,557 3%
  8. 08
    RU
    Russia RU
    4,707 2.5%
  9. 09
    PK
    Pakistan PK
    4,689 2.5%
  10. 10
    NL
    Netherlands NL
    4,361 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
6/10 Avg Threat
48% Avg Confidence
14 High Threat
High-risk network: Majority of related IPs are flagged
87.120.93.91 10/10
Confidence 81%
Reports 16
Location DE DE
27 Apr 2026
94.159.111.151 10/10
Confidence 74%
Reports 52
Location DE DE
9 Mar 2026
94.159.100.141 8/10
Confidence 74%
Reports 18
Location DE DE
9 Mar 2026
45.144.53.78 10/10
Confidence 69%
Reports 23
Location FI FI
7 Nov 2025
64.188.91.244 10/10
Confidence 63%
Reports 1,776
Location DE DE
3 Mar 2026
87.120.93.239 10/10
Confidence 61%
Reports 43
Location DE DE
14 Sep 2025
94.159.99.106 10/10
Confidence 57%
Reports 6
Location DE DE
23 May 2026
94.159.110.150 8/10
Confidence 57%
Reports 6
Location DE DE
18 May 2026
94.159.104.233 8/10
Confidence 51%
Reports 5
Location DE DE
24 Apr 2026
45.144.53.136 0/10
Confidence 40%
Reports 2
Location FI FI
10 Mar 2026
94.159.101.249 0/10
Confidence 39%
Reports 2
Location DE DE
22 Apr 2026
144.31.1.189 7/10
Confidence 38%
Reports 2
Location PL PL
4 Jun 2026
144.31.7.85 7/10
Confidence 37%
Reports 2
Location FI FI
27 May 2026
94.159.103.78 0/10
Confidence 36%
Reports 3
Location DE DE
14 Feb 2026
144.31.90.189 7/10
Confidence 30%
Reports 1
Location FI FI
24 May 2026
150.241.95.187 7/10
Confidence 30%
Reports 1
Location DE DE
24 May 2026
144.31.0.90 7/10
Confidence 30%
Reports 1
Location PL PL
31 May 2026
2.27.27.6 0/10
Confidence 30%
Reports 1
Location VI VI
11 Apr 2026
144.31.3.80 0/10
Confidence 30%
Reports 1
Location PL PL
13 May 2026
94.159.96.62 0/10
Confidence 30%
Reports 1
Location DE DE
22 Apr 2026

IPs from the same subnet range, likely same network segment.

5 Related IPs
7/10 Avg Threat
33% Avg Confidence
4 High Threat
High-risk network: Majority of related IPs are flagged
64.188.91.244 10/10
Confidence 63%
Reports 1,776
Location DE DE
3 Mar 2026
64.188.91.243 10/10
Confidence 62%
Reports 2,084
Location US US
3 Mar 2026
64.188.91.92 0/10
Confidence 23%
Reports 3
Location DE DE
1 Mar 2026
64.188.91.93 7/10
Confidence 9%
Reports 8
Location DE DE
3 Mar 2026
64.188.91.37 8/10
Confidence 6%
Reports 5
Location DE DE
23 Jan 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.6/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
45.92.11.94 8/10
Confidence 100%
Reports 274
ISP Contabo GmbH
1 Mar 2026
88.198.64.173 8/10
Confidence 100%
Reports 174
ISP Hetzner Online ...
22 May 2026
159.100.13.237 8/10
Confidence 100%
Reports 169
ISP Ultahost, Inc.
6 May 2026
46.224.234.158 8/10
Confidence 100%
Reports 131
ISP Hetzner Online ...
9 Jun 2026
5.83.135.249 8/10
Confidence 100%
Reports 116
ISP active 1 GmbH
7 Jun 2026
3.70.164.132 8/10
Confidence 100%
Reports 99
ISP Amazon.com, Inc.
19 May 2026
118.193.59.142 7/10
Confidence 100%
Reports 89
ISP UCLOUD INFORMAT...
5 Jun 2026
94.26.106.90 8/10
Confidence 100%
Reports 86
ISP dataforest GmbH
7 Jun 2026
49.12.3.147 10/10
Confidence 100%
Reports 78
ISP Hetzner Online ...
31 May 2026
94.26.106.111 10/10
Confidence 100%
Reports 75
ISP dataforest GmbH
13 May 2026
80.158.109.51 10/10
Confidence 100%
Reports 73
ISP T-Systems Inter...
6 Jun 2026
212.224.100.2 10/10
Confidence 100%
Reports 61
ISP firstcolo GmbH
31 May 2026
94.130.219.13 10/10
Confidence 100%
Reports 58
ISP Hetzner Online ...
9 May 2026
5.83.135.102 8/10
Confidence 100%
Reports 44
ISP AltunHOST LTD
8 Jun 2026
94.26.106.209 8/10
Confidence 100%
Reports 38
ISP dataforest GmbH
4 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.2/10 Avg Threat
63% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
3.130.96.91 8/10
Confidence 63%
Reports 43,462
Location US US
4 Feb 2026
3.134.148.59 8/10
Confidence 63%
Reports 14,980
Location US US
4 Feb 2026
92.118.39.87 10/10
Confidence 63%
Reports 14,713
Location US US
18 Apr 2026
87.120.191.13 10/10
Confidence 63%
Reports 13,131
Location US US
19 Feb 2026
3.137.73.221 8/10
Confidence 63%
Reports 10,228
Location US US
4 Feb 2026
3.132.23.201 8/10
Confidence 63%
Reports 9,576
Location US US
4 Feb 2026
3.149.59.26 8/10
Confidence 63%
Reports 8,795
Location US US
4 Feb 2026
167.250.224.25 10/10
Confidence 63%
Reports 8,244
Location BR BR
14 May 2026
176.117.107.74 10/10
Confidence 63%
Reports 5,739
Location NL NL
21 Dec 2025
142.202.188.211 10/10
Confidence 63%
Reports 4,136
Location US US
8 Apr 2026
176.117.107.91 10/10
Confidence 63%
Reports 3,994
Location NL NL
17 Dec 2025
196.251.70.234 10/10
Confidence 63%
Reports 3,796
Location SC SC
15 Oct 2025
45.88.186.70 8/10
Confidence 63%
Reports 3,632
Location NL NL
2 Feb 2026
2.57.122.209 10/10
Confidence 63%
Reports 2,573
Location RO RO
10 Feb 2026
64.188.91.244 10/10
Confidence 63%
Reports 1,776
Location DE DE
3 Mar 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "64.188.91.248",
    "threat_level": 10,
    "confidence_score": 63,
    "total_reports": 2232,
    "country_code": "DE",
    "isp_name": "H2nexus Ltd",
    "asn": "215730",
    "first_reported": "2026-01-20 21:27:39",
    "last_reported": "2026-03-03 14:16:07",
    "exported_at": "2026-06-09T11:49:39+02:00",
    "source": "https://reportedip.de/ip/64.188.91.248/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses