IP Address

87.251.64.144

IPv4 Public
US US
AS200730
ISAEV Igor
337 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
93% Confidence
337 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
US
US Location
ISAEV Igor ASN 200730
337 Reports
Honeypot Data Source

High Risk

IP 87.251.64.144 is a high-risk address that automated honeypot sensors and community reports have flagged with a threat level of 8/10, linked to persistent SSH brute-force attack activity targeting servers worldwide.

Security monitoring systems recorded 319 total abuse reports attributed to this IP over a concentrated detection window spanning April 2026 through June 2026, with a notably high activity frequency score of 8/10. The IP originates from a network operated by ISAEV Igor under ASN 200730 in the United States. All 20 of the most recent threat reports specifically document SSH (Secure Shell) intrusion attempts, detected exclusively through automated honeypot infrastructure. Fail2ban sensors captured multiple sshd authentication failures, with at least 25 violations logged against protected services during the observation period, indicating sustained and systematic credential-guessing campaigns rather than opportunistic scanning.

SSH brute-force attacks represent one of the most common initial-access vectors in server compromise, where threat actors systematically attempt username and password combinations against exposed SSH daemons to gain unauthorized shell access. The concentration of violations observed against honeypot sensors suggests the address is part of an active scanning operation, likely leveraging wordlists of common credentials to compromise misconfigured or poorly hardened Linux and network devices. Successful authentication grants attackers persistent remote access, enabling data exfiltration, malware deployment, or lateral movement within compromised infrastructure.

Site operators running publicly accessible SSH services should immediately implement defensive controls: enforce key-based authentication and disable password-based login entirely, change the default SSH port to reduce automated targeting, and deploy tools such as fail2ban to automatically block IPs demonstrating brute-force behavior. Regularly auditing authorized keys, restricting root login, and monitoring authentication logs for unusual source addresses will further reduce exposure to credentials-based intrusion attempts of this nature.

More threatening than 81% of monitored IPs

Threat Categories

SSH 30

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 11. May 2026
Last Activity 8. June 2026
Recent (7 days) 18 incidents

Moderate Network Risk

The network hosting this IP (ASN 200730, operated by ISAEV Igor) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 8/10 High
Confidence Score 93% Verified

Confidence History

29. May 2026 - 8. Jun 2026
93% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New SSH Honeypot 75%
New SSH Honeypot 75%
New SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
10 of 337 shown

Technical Details

Basic Information

IP Address
87.251.64.144
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
US US
ASN
AS200730
ISP
ISAEV Igor

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
337
First Reported
14 Apr 2026
Last Reported
8 Jun 2026, 18:33

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS200730
ISAEV Igor
US US

Network Threat Assessment

4/10
This network has low threat indicators with minimal suspicious activity.

Network Statistics

12
Total IPs Monitored
1,918
Total Reports
159.8
Reports per IP

Network Context

This IP address belongs to ISAEV Igor (AS200730), which manages 12 IP addresses in our monitoring system. Out of these, 1,918 have been reported for suspicious activities, resulting in a network-wide threat level of 4/10.

Network notice: This network shows some suspicious activity patterns. Monitor interactions with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

81 %

Global Threat Ranking

This IP is more threatening than 81% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,613 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 337 avg: 23 ++

Network Comparison

Compared against 14 IPs in ASN 200730

Threat Level 8/10 network avg: 6.6 +
Total Reports 337 network avg: 412 -
Network ISAEV Igor has overall threat level 4/10

Geographic Comparison

Compared against 38,468 IPs in US

Threat Level 8/10 country avg: 5.9 +
Total Reports 337 country avg: 41 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,273 threat incidents tracked globally • Last 24h: 18,965 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    38,457 20.5%
  2. 02
    IN
    India IN
    29,090 15.5%
  3. 03
    CN
    China CN
    26,027 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,143 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,543 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,670 2.5%
  10. 10
    NL
    Netherlands NL
    4,357 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same subnet range, likely same network segment.

13 Related IPs
6.5/10 Avg Threat
66% Avg Confidence
9 High Threat
High-risk network: Majority of related IPs are flagged
87.251.64.146 10/10
Confidence 98%
Reports 1,958
Location US US
9 Jun 2026
87.251.64.159 10/10
Confidence 94%
Reports 2,236
Location US US
7 May 2026
87.251.64.149 8/10
Confidence 93%
Reports 460
Location US US
9 Jun 2026
87.251.64.147 8/10
Confidence 93%
Reports 388
Location US US
9 Jun 2026
87.251.64.145 8/10
Confidence 93%
Reports 346
Location US US
8 Jun 2026
87.251.64.50 10/10
Confidence 92%
Reports 13
Location PL PL
5 Jun 2026
87.251.64.125 10/10
Confidence 74%
Reports 9
Location PL PL
13 May 2026
87.251.64.150 10/10
Confidence 47%
Reports 5
Location US US
15 Apr 2026
87.251.64.74 10/10
Confidence 47%
Reports 5
Location US US
6 Apr 2026
87.251.64.75 0/10
Confidence 39%
Reports 2
Location US US
5 Apr 2026
87.251.64.73 0/10
Confidence 30%
Reports 1
Location US US
4 Apr 2026
87.251.64.180 0/10
Confidence 30%
Reports 1
Location US US
13 Apr 2026
87.251.64.141 0/10
Confidence 29%
Reports 1
Location US US
29 Mar 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
208.109.188.137 8/10
Confidence 100%
Reports 514
ISP GO-DADDY-COM-LLC
9 Jun 2026
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.3/10 Avg Threat
93% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
176.65.149.31 10/10
Confidence 93%
Reports 4,020
Location NL NL
9 Jun 2026
45.205.1.5 10/10
Confidence 93%
Reports 2,951
Location MU MU
9 Jun 2026
46.151.178.13 8/10
Confidence 93%
Reports 2,753
Location NL NL
9 Jun 2026
200.124.160.2 10/10
Confidence 93%
Reports 2,116
Location MX MX
21 Apr 2026
80.66.83.43 10/10
Confidence 93%
Reports 1,977
Location RU RU
9 Jun 2026
130.12.181.98 8/10
Confidence 93%
Reports 1,224
Location DE DE
6 Jun 2026
91.92.240.13 8/10
Confidence 93%
Reports 841
Location DE DE
18 May 2026
5.83.143.40 10/10
Confidence 93%
Reports 823
Location NL NL
9 Jun 2026
160.119.76.4 8/10
Confidence 93%
Reports 820
Location SC SC
2 Jun 2026
103.56.148.184 10/10
Confidence 93%
Reports 634
Location ID ID
9 Jun 2026
185.224.128.16 10/10
Confidence 93%
Reports 609
Location NL NL
9 Jun 2026
185.156.73.157 10/10
Confidence 93%
Reports 525
Location UA UA
31 May 2026
80.94.95.83 10/10
Confidence 93%
Reports 488
Location RO RO
9 Jun 2026
154.239.6.163 8/10
Confidence 93%
Reports 470
Location EG EG
10 May 2026
5.83.143.80 10/10
Confidence 93%
Reports 461
Location NL NL
3 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "87.251.64.144",
    "threat_level": 8,
    "confidence_score": 93,
    "total_reports": 337,
    "country_code": "US",
    "isp_name": "ISAEV Igor",
    "asn": "200730",
    "first_reported": "2026-04-14 12:31:57",
    "last_reported": "2026-06-08 18:33:48",
    "exported_at": "2026-06-09T10:09:40+02:00",
    "source": "https://reportedip.de/ip/87.251.64.144/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses