IP Address

192.159.99.113

IPv4 Public
US US
AS210558
1337 Services GmbH
233 Reports
This IP is under Observation Suspicious activity detected - monitor closely
10/10 Threat
63% Confidence
233 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 10% High Threat
US
US Location
1337 Services GmbH ASN 210558
233 Reports
Honeypot Data Source

Critical Threat

IP 192.159.99.113 presents a critical threat profile that warrants immediate defensive action. This address, operated by 1337 Services GmbH under ASN AS210558 in the United States, has accumulated 233 abuse reports from automated honeypot sensors over a four-month window spanning January to April 2026, with a threat level assessed at 10 out of 10. The dominant activity recorded against this IP falls into the hacking category, accounting for 20 of the most recent reports, supplemented by a single exploited-host classification, indicating the address may itself be running malicious tooling without the operator's knowledge.

The detection picture reveals concentrated hostile activity originating from this endpoint. All 233 reports derive from 20 distinct automated honeypot sensors distributed across the threat-intelligence community, suggesting systematic scanning or exploitation attempts rather than isolated incidents. The temporal distribution covers a first report in January 2026 with continued activity through April 2026, establishing a persistent multi-month campaign. Despite the elevated threat score, the reported activity frequency sits at zero out of 10, indicating the honeypots detected relatively few individual connection attempts per sensor, though the cumulative report volume remains significant. Network analysis shows HTTP traffic missing the standard Host header, a pattern commonly associated with automated exploit delivery, malware communication, or reconnaissance tooling rather than legitimate browsing behavior.

The hacking classification encompasses intrusion attempts, vulnerability exploitation, and unauthorized access vectors, posing a direct risk to any exposed service listening on common ports. The additional exploited-host designation suggests this IP may be part of a botnet or compromised infrastructure being weaponized remotely, meaning the operator themselves could be an unwitting victim whose system is being leveraged for attacks. The Suricata signature triggered—HTTP requests lacking a Host header—frequently flags exploit kits, port scanners, and command-and-control beacon traffic, all of which can precede more damaging intrusions against target networks. An address with this dual classification presents a compound risk: it may be simultaneously conducting attacks while also being compromised itself, amplifying its potential impact on the broader internet ecosystem.

More threatening than 91% of monitored IPs

Threat Categories

Hacking 30
Exploited Host 1

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Moderate Network Risk

The network hosting this IP (ASN 210558, operated by 1337 Services GmbH) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 0/10 Inactive
Confidence Score 60% High Confidence

Confidence History

26. Jan 2026 - 3. Apr 2026
63% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Honeypot 75%
Hacking Exploited Host Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot 75%
Hacking Honeypot x2 75%
Hacking Honeypot x4 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x4 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x2 75%
Hacking Honeypot x4 75%
Hacking Honeypot x2 75%
10 of 233 shown

Technical Details

Basic Information

IP Address
192.159.99.113
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
US US
ASN
AS210558
ISP
1337 Services GmbH

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
233
First Reported
20 Jan 2026
Last Reported
3 Apr 2026, 23:10

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS210558
1337 Services GmbH
NL NL

Network Threat Assessment

4/10
This network has low threat indicators with minimal suspicious activity.

Network Statistics

235
Total IPs Monitored
5,398
Total Reports
23
Reports per IP

Network Context

This IP address belongs to 1337 Services GmbH (AS210558), which manages 235 IP addresses in our monitoring system. Out of these, 5,398 have been reported for suspicious activities, resulting in a network-wide threat level of 4/10.

Network notice: This network shows some suspicious activity patterns. Monitor interactions with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

91 %

Global Threat Ranking

This IP is more threatening than 91% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,597 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 233 avg: 23 ++

Network Comparison

Compared against 307 IPs in ASN 210558

Threat Level 10/10 network avg: 6.3 ++
Total Reports 233 network avg: 19 ++
Network 1337 Services GmbH has overall threat level 4/10

Geographic Comparison

Compared against 38,457 IPs in US

Threat Level 10/10 country avg: 5.9 ++
Total Reports 233 country avg: 41 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,273 threat incidents tracked globally • Last 24h: 18,965 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    38,457 20.5%
  2. 02
    IN
    India IN
    29,090 15.5%
  3. 03
    CN
    China CN
    26,027 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,143 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,543 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,670 2.5%
  10. 10
    NL
    Netherlands NL
    4,357 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9.2/10 Avg Threat
91% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
45.154.98.96 8/10
Confidence 100%
Reports 15
Location NL NL
6 Jun 2026
193.26.115.241 8/10
Confidence 99%
Reports 96
Location US US
8 Jun 2026
45.94.31.24 8/10
Confidence 99%
Reports 34
Location NL NL
27 May 2026
124.198.131.185 10/10
Confidence 94%
Reports 685
Location US US
17 May 2026
124.198.131.162 10/10
Confidence 94%
Reports 233
Location US US
23 Apr 2026
124.198.131.22 10/10
Confidence 94%
Reports 108
Location US US
29 May 2026
45.80.158.249 10/10
Confidence 94%
Reports 90
Location NL NL
16 Jan 2026
124.198.131.39 10/10
Confidence 94%
Reports 52
Location US US
9 Jun 2026
185.241.208.27 10/10
Confidence 94%
Reports 29
Location PL PL
27 May 2026
124.198.131.145 10/10
Confidence 94%
Reports 22
Location US US
2 Feb 2026
45.94.31.197 8/10
Confidence 93%
Reports 19
Location NL NL
15 May 2026
124.198.131.220 10/10
Confidence 92%
Reports 13
Location US US
20 May 2026
45.154.98.38 8/10
Confidence 90%
Reports 20
Location NL NL
8 Jun 2026
45.92.1.236 10/10
Confidence 89%
Reports 19
Location NL NL
11 May 2026
192.159.99.125 8/10
Confidence 87%
Reports 31
Location US US
20 Apr 2026
124.198.131.61 10/10
Confidence 84%
Reports 187
Location US US
10 Feb 2026
45.154.98.150 8/10
Confidence 83%
Reports 9
Location NL NL
6 Jun 2026
45.154.98.124 10/10
Confidence 81%
Reports 51
Location NL NL
21 Dec 2025
124.198.131.24 10/10
Confidence 80%
Reports 12
Location US US
3 Apr 2026
194.26.192.141 8/10
Confidence 80%
Reports 9
Location NL NL
9 May 2026

IPs from the same subnet range, likely same network segment.

20 Related IPs
5.4/10 Avg Threat
45% Avg Confidence
12 High Threat
High-risk network: Majority of related IPs are flagged
192.159.99.125 8/10
Confidence 87%
Reports 31
Location US US
20 Apr 2026
192.159.99.180 10/10
Confidence 67%
Reports 57
Location NL NL
27 Nov 2025
192.159.99.162 8/10
Confidence 65%
Reports 270
Location NL NL
22 Oct 2025
192.159.99.229 8/10
Confidence 65%
Reports 6
Location US US
6 Apr 2026
192.159.99.101 10/10
Confidence 64%
Reports 335
Location NL NL
18 Nov 2025
192.159.99.95 10/10
Confidence 62%
Reports 611
Location NL NL
27 Jan 2026
192.159.99.92 8/10
Confidence 62%
Reports 11
Location NL NL
13 Sep 2025
192.159.99.123 10/10
Confidence 55%
Reports 4
Location US US
23 May 2026
192.159.99.55 10/10
Confidence 51%
Reports 3
Location US US
9 Jun 2026
192.159.99.69 0/10
Confidence 40%
Reports 2
Location US US
7 Apr 2026
192.159.99.169 0/10
Confidence 34%
Reports 3
Location US US
13 Feb 2026
192.159.99.196 0/10
Confidence 30%
Reports 3
Location US US
10 Feb 2026
192.159.99.160 7/10
Confidence 30%
Reports 1
Location US US
1 Jun 2026
192.159.99.210 0/10
Confidence 30%
Reports 1
Location US US
19 Mar 2026
192.159.99.132 0/10
Confidence 30%
Reports 1
Location US US
11 Mar 2026
192.159.99.156 0/10
Confidence 30%
Reports 1
Location US US
5 Apr 2026
192.159.99.241 7/10
Confidence 29%
Reports 1
Location US US
28 May 2026
192.159.99.205 0/10
Confidence 29%
Reports 1
Location US US
15 Mar 2026
192.159.99.236 7/10
Confidence 24%
Reports 1
Location NL NL
11 Dec 2025
192.159.99.16 4/10
Confidence 23%
Reports 1
Location US US
2 Jun 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
208.109.188.137 8/10
Confidence 100%
Reports 514
ISP GO-DADDY-COM-LLC
9 Jun 2026
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.2/10 Avg Threat
63% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
3.130.96.91 8/10
Confidence 63%
Reports 43,462
Location US US
4 Feb 2026
3.134.148.59 8/10
Confidence 63%
Reports 14,980
Location US US
4 Feb 2026
92.118.39.87 10/10
Confidence 63%
Reports 14,713
Location US US
18 Apr 2026
87.120.191.13 10/10
Confidence 63%
Reports 13,131
Location US US
19 Feb 2026
3.137.73.221 8/10
Confidence 63%
Reports 10,228
Location US US
4 Feb 2026
3.132.23.201 8/10
Confidence 63%
Reports 9,576
Location US US
4 Feb 2026
3.149.59.26 8/10
Confidence 63%
Reports 8,795
Location US US
4 Feb 2026
167.250.224.25 10/10
Confidence 63%
Reports 8,244
Location BR BR
14 May 2026
176.117.107.74 10/10
Confidence 63%
Reports 5,739
Location NL NL
21 Dec 2025
142.202.188.211 10/10
Confidence 63%
Reports 4,136
Location US US
8 Apr 2026
176.117.107.91 10/10
Confidence 63%
Reports 3,994
Location NL NL
17 Dec 2025
196.251.70.234 10/10
Confidence 63%
Reports 3,796
Location SC SC
15 Oct 2025
45.88.186.70 8/10
Confidence 63%
Reports 3,632
Location NL NL
2 Feb 2026
2.57.122.209 10/10
Confidence 63%
Reports 2,573
Location RO RO
10 Feb 2026
64.188.91.248 10/10
Confidence 63%
Reports 2,232
Location DE DE
3 Mar 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "192.159.99.113",
    "threat_level": 10,
    "confidence_score": 63,
    "total_reports": 233,
    "country_code": "US",
    "isp_name": "1337 Services GmbH",
    "asn": "210558",
    "first_reported": "2026-01-20 20:22:06",
    "last_reported": "2026-04-03 23:10:28",
    "exported_at": "2026-06-09T10:02:18+02:00",
    "source": "https://reportedip.de/ip/192.159.99.113/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses