IP Address

192.248.152.79

IPv4 Public
GB GB
AS20473
AS-VULTR
162 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
94% Confidence
162 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 5% Most Dangerous
GB
GB Location
AS-VULTR ASN 20473
162 Reports
Honeypot Data Source

Critical Alert

IP 192.248.152.79 is a critical-risk address operating from Vultr's infrastructure (AS20473) with a threat score of 10/10, linked predominantly to SSH brute-force intrusion attempts detected by automated honeypot sensors across twenty reporting nodes.

The IP accumulated 162 abuse reports in a single month, with 17 reports categorised as general hacking activity and 3 specifically documenting SSH brute-force attempts. Activity frequency scored 8/10, indicating persistent and repeated engagement throughout December 2025. Despite originating from a United Kingdom-registered network allocation, the underlying infrastructure ownership points to Vultr, a major cloud provider known for accommodating diverse customer bases, which frequently results in its IP ranges appearing across threat intelligence feeds. The 94% confidence score reflects substantial corroboration across multiple detection systems, with automated honeypot sensors providing the primary intelligence on this address.

SSH brute-force attacks represent a direct pathway to server compromise through systematic password guessing. An attacker controlling this IP would methodically cycle through authentication credentials against exposed SSH services, with successful access enabling complete system control, data theft, lateral movement, or pivot hosting for additional attacks. The volume and persistence of reports suggest an automated, high-throughput operation likely employing dictionary-based credential lists rather than opportunistic scanning.

Network defenders should immediately block or rate-limit connections from this address at the firewall level, implement fail2ban or equivalent tools to automatically ban repeat offenders, enforce key-based SSH authentication exclusively, disable root login, and configure non-standard ports to reduce exposure. Regular monitoring of authentication logs for patterns consistent with brute-force activity—repeated failed logins, unusual timing, or suspicious source addresses—enables early detection of ongoing campaigns.

More threatening than 98% of monitored IPs

Threat Categories

Hacking 25
SSH 5

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Datacenter Infrastructure

This IP is allocated from datacenter space operated by AS-VULTR. Datacenter IPs used for attacks often indicate intentional malicious infrastructure.

Purpose-provisioned attack infrastructure may represent more sophisticated threat actors.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 8/10 High
Confidence Score 59% High Confidence

Confidence History

30. Dec 2025
94% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
10 of 162 shown

Technical Details

Basic Information

IP Address
192.248.152.79
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
GB GB
ASN
AS20473
ISP
AS-VULTR

DNS Information

Reverse DNS
192.248.152.79.vultrusercontent.com
PTR Record
Yes
Connection Type
Dynamic

Statistics

Total Reports
162
First Reported
29 Dec 2025
Last Reported
30 Dec 2025, 02:53

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS20473
The Constant Company, LLC
PL PL

Network Threat Assessment

2/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

143
Total IPs Monitored
17,073
Total Reports
119.4
Reports per IP

Network Context

This IP address belongs to The Constant Company, LLC (AS20473), which manages 143 IP addresses in our monitoring system. Out of these, 17,073 have been reported for suspicious activities, resulting in a network-wide threat level of 2/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

98 %

Global Threat Ranking

This IP is more threatening than 98% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,664 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 162 avg: 23 ++

Network Comparison

Compared against 178 IPs in ASN 20473

Threat Level 10/10 network avg: 4.4 ++
Total Reports 162 network avg: 101 ++
Network AS-VULTR has overall threat level 2/10

Geographic Comparison

Compared against 4,299 IPs in GB

Threat Level 10/10 country avg: 5.4 ++
Total Reports 162 country avg: 27 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,375 threat incidents tracked globally • Last 24h: 18,936 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,468 20.5%
  2. 02
    IN
    India IN
    29,136 15.5%
  3. 03
    CN
    China CN
    26,029 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,144 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,551 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,677 2.5%
  10. 10
    NL
    Netherlands NL
    4,358 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9.9/10 Avg Threat
87% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
45.32.67.165 10/10
Confidence 96%
Reports 20
Location US US
3 Jun 2026
155.138.210.119 10/10
Confidence 94%
Reports 1,434
Location US US
26 May 2026
45.32.183.226 10/10
Confidence 94%
Reports 881
Location GB GB
29 Dec 2025
216.238.82.64 10/10
Confidence 94%
Reports 238
Location MX MX
30 May 2026
216.238.68.50 10/10
Confidence 94%
Reports 234
Location MX MX
30 May 2026
216.238.76.160 10/10
Confidence 94%
Reports 226
Location MX MX
30 May 2026
216.238.73.116 10/10
Confidence 94%
Reports 198
Location MX MX
24 May 2026
216.238.73.39 10/10
Confidence 94%
Reports 140
Location MX MX
11 May 2026
216.238.85.54 10/10
Confidence 94%
Reports 139
Location MX MX
11 May 2026
216.238.80.39 10/10
Confidence 94%
Reports 131
Location MX MX
11 May 2026
216.238.76.46 10/10
Confidence 94%
Reports 130
Location MX MX
11 May 2026
216.238.85.4 10/10
Confidence 94%
Reports 79
Location MX MX
30 May 2026
216.238.87.122 10/10
Confidence 94%
Reports 72
Location MX MX
11 May 2026
139.180.189.229 10/10
Confidence 94%
Reports 15
Location SG SG
8 May 2026
139.180.163.29 10/10
Confidence 92%
Reports 13
Location AU AU
2 Jun 2026
45.76.170.104 10/10
Confidence 78%
Reports 40
Location US US
29 Mar 2026
70.34.253.196 10/10
Confidence 73%
Reports 29
Location PL PL
16 Mar 2026
45.76.149.200 8/10
Confidence 65%
Reports 8
Location SG SG
11 May 2026
139.84.168.82 10/10
Confidence 63%
Reports 7
Location IN IN
7 Jun 2026
45.32.210.176 10/10
Confidence 59%
Reports 13,308
Location US US
8 Sep 2025

IPs from the same country with similar threat profiles.

15 Related IPs
8.9/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
185.196.9.127 8/10
Confidence 100%
Reports 157
ISP Global-Data Sys...
1 Mar 2026
213.171.208.232 8/10
Confidence 100%
Reports 135
ISP IONOS SE
7 Jun 2026
213.171.208.62 8/10
Confidence 100%
Reports 122
ISP IONOS SE
9 Jun 2026
62.232.51.140 8/10
Confidence 100%
Reports 107
ISP Wavenet Limited
31 May 2026
198.38.94.18 10/10
Confidence 100%
Reports 92
ISP WHG Hosting Ser...
9 Jun 2026
198.38.94.14 10/10
Confidence 100%
Reports 78
ISP WHG Hosting Ser...
8 Jun 2026
209.42.20.53 8/10
Confidence 100%
Reports 52
ISP WHG Hosting Ser...
9 Jun 2026
167.71.136.93 10/10
Confidence 100%
Reports 39
ISP DigitalOcean, LLC
9 Jun 2026
87.106.67.224 8/10
Confidence 100%
Reports 31
ISP IONOS SE
9 Jun 2026
64.89.160.178 8/10
Confidence 100%
Reports 29
ISP Ghosty Networks...
4 Jun 2026
94.76.235.103 10/10
Confidence 100%
Reports 27
ISP Team Blue Carri...
28 May 2026
77.68.30.172 10/10
Confidence 100%
Reports 17
ISP IONOS SE
6 May 2026
2.27.36.16 10/10
Confidence 100%
Reports 14
ISP DpkgSoft Intern...
23 May 2026
37.143.61.60 10/10
Confidence 100%
Reports 12
ISP UK Dedicated Se...
26 May 2026
34.39.58.191 8/10
Confidence 99%
Reports 108
ISP GOOGLE-CLOUD-PL...
3 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.7/10 Avg Threat
94% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
193.32.162.28 10/10
Confidence 94%
Reports 5,435
Location RO RO
25 May 2026
51.68.207.118 10/10
Confidence 94%
Reports 5,261
Location FR FR
9 Jun 2026
185.246.128.133 10/10
Confidence 94%
Reports 5,116
Location SE SE
9 Jun 2026
185.233.247.245 8/10
Confidence 94%
Reports 3,686
Location TR TR
6 Jun 2026
49.12.27.102 10/10
Confidence 94%
Reports 3,548
Location DE DE
8 Jun 2026
128.199.240.7 10/10
Confidence 94%
Reports 3,512
Location SG SG
25 May 2026
162.55.119.195 10/10
Confidence 94%
Reports 3,404
Location DE DE
30 Apr 2026
66.132.172.162 10/10
Confidence 94%
Reports 3,326
Location US US
9 Jun 2026
66.132.172.165 10/10
Confidence 94%
Reports 3,322
Location US US
9 Jun 2026
66.132.172.175 10/10
Confidence 94%
Reports 3,316
Location US US
9 Jun 2026
66.132.172.164 10/10
Confidence 94%
Reports 3,309
Location US US
9 Jun 2026
66.132.172.167 10/10
Confidence 94%
Reports 3,303
Location US US
9 Jun 2026
66.132.172.171 10/10
Confidence 94%
Reports 3,290
Location US US
9 Jun 2026
66.132.172.160 8/10
Confidence 94%
Reports 3,274
Location US US
9 Jun 2026
66.132.172.161 10/10
Confidence 94%
Reports 3,273
Location US US
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "192.248.152.79",
    "threat_level": 10,
    "confidence_score": 94,
    "total_reports": 162,
    "country_code": "GB",
    "isp_name": "AS-VULTR",
    "asn": "20473",
    "first_reported": "2025-12-29 12:53:07",
    "last_reported": "2025-12-30 02:53:58",
    "exported_at": "2026-06-09T10:23:34+02:00",
    "source": "https://reportedip.de/ip/192.248.152.79/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses