IP Address

95.110.231.151

IPv4 Public
IT IT
AS31034
Aruba S.p.A.
397 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
82% Confidence
397 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
IT
IT Location
Aruba S.p.A. ASN 31034
397 Reports
Honeypot Data Source

High Risk

IP 95.110.231.151 is a high-risk Italian address associated with 397 reported incidents, predominantly SSH brute-force activity detected by automated honeypot sensors, presenting a credible threat to exposed remote-access services. The address, operated by Aruba S.p.A. under ASN AS31034, carries an 8/10 threat level with an 82% confidence rating, indicating substantial corroboration across multiple detection sources during its active window in December 2025.

Community reports and automated honeypot sensors logged the bulk of this activity, with fail2ban triggering repeatedly on sshd connections, confirming systematic password-guessing behaviour rather than opportunistic scanning. Despite a high total report volume of 397 incidents, the activity frequency score of 0/10 suggests the attacks were concentrated in a specific period rather than sustained over time, consistent with coordinated scanning campaigns that target broad IP ranges in short bursts. The Italian network ownership through Aruba S.p.A., a major European hosting provider, places this source within infrastructure commonly abused for anonymised attack traffic due to its commercial hosting model.

SSH brute-force attacks represent one of the most persistent threats to internet-exposed servers, exploiting weak or default credentials to gain unauthorised shell access. Once inside, attackers typically deploy backdoors, cryptocurrency miners or pivot further into internal networks, making initial access a critical breach point. The repeated detection by fail2ban confirms that the address is actively scanning for accessible SSH daemons, with each failed authentication attempt consuming server resources and generating log noise that can obscure genuine login attempts.

Operators running accessible SSH services should enforce key-based authentication exclusively, disable password-based login entirely, and move the service to a non-standard port to reduce exposure surface. Implementing fail2ban with aggressive ban thresholds tailored to sshd will automatically block repeated source addresses like 95.110.231.151. Additionally, restricting SSH access to known IP ranges via firewall rules or VPN jump hosts and monitoring authentication logs for patterns matching this address will further harden defences against similar scanning activity.

More threatening than 80% of monitored IPs

Threat Categories

SSH 30

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Moderate Network Risk

The network hosting this IP (ASN 31034, operated by Aruba S.p.A.) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 0/10 Inactive
Confidence Score 62% High Confidence

Confidence History

15. Dec 2025
82% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
10 of 397 shown

Technical Details

Basic Information

IP Address
95.110.231.151
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
IT IT
ASN
AS31034
ISP
Aruba S.p.A.

DNS Information

Reverse DNS
host151-231-110-95.serverdedicati.aruba.it
PTR Record
Yes
Connection Type
Dynamic

Statistics

Total Reports
397
First Reported
13 Dec 2025
Last Reported
15 Dec 2025, 11:35

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS31034
Aruba S.p.A.
IT IT

Network Threat Assessment

4/10
This network has low threat indicators with minimal suspicious activity.

Network Statistics

22
Total IPs Monitored
662
Total Reports
30.1
Reports per IP

Network Context

This IP address belongs to Aruba S.p.A. (AS31034), which manages 22 IP addresses in our monitoring system. Out of these, 662 have been reported for suspicious activities, resulting in a network-wide threat level of 4/10.

Network notice: This network shows some suspicious activity patterns. Monitor interactions with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

80 %

Global Threat Ranking

This IP is more threatening than 80% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 198,829 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 397 avg: 23 ++

Network Comparison

Compared against 24 IPs in ASN 31034

Threat Level 8/10 network avg: 5.7 +
Total Reports 397 network avg: 27 ++
Network Aruba S.p.A. has overall threat level 4/10

Geographic Comparison

Compared against 1,032 IPs in IT

Threat Level 8/10 country avg: 4.3 ++
Total Reports 397 country avg: 11 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

186,577 threat incidents tracked globally • Last 24h: 18,644 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,346 20.6%
  2. 02
    IN
    India IN
    28,859 15.5%
  3. 03
    CN
    China CN
    25,975 13.9%
  4. 04
    BR
    Brazil BR
    10,216 5.5%
  5. 05
    DE
    Germany DE
    7,134 3.8%
  6. 06
    SG
    Singapore SG
    6,459 3.5%
  7. 07
    ID
    Indonesia ID
    5,497 2.9%
  8. 08
    RU
    Russia RU
    4,696 2.5%
  9. 09
    PK
    Pakistan PK
    4,635 2.5%
  10. 10
    NL
    Netherlands NL
    4,351 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
5.6/10 Avg Threat
32% Avg Confidence
11 High Threat
High-risk network: Majority of related IPs are flagged
85.235.135.46 8/10
Confidence 71%
Reports 69
Location IT IT
7 Nov 2025
5.249.153.196 10/10
Confidence 69%
Reports 43
Location IT IT
1 Mar 2026
80.211.129.31 10/10
Confidence 65%
Reports 49
Location IT IT
19 Oct 2025
85.235.142.71 10/10
Confidence 62%
Reports 13
Location IT IT
16 Oct 2025
188.213.170.150 10/10
Confidence 43%
Reports 7
Location IT IT
16 Mar 2026
31.11.36.220 10/10
Confidence 34%
Reports 5
Location IT IT
19 Oct 2025
80.211.147.57 0/10
Confidence 30%
Reports 1
Location IT IT
6 May 2026
95.110.230.43 0/10
Confidence 30%
Reports 1
Location IT IT
14 Apr 2026
212.237.45.196 0/10
Confidence 29%
Reports 3
Location IT IT
1 Mar 2026
62.149.207.247 0/10
Confidence 29%
Reports 2
Location IT IT
20 Feb 2026
77.81.236.136 0/10
Confidence 29%
Reports 2
Location IT IT
20 Feb 2026
188.213.175.41 7/10
Confidence 29%
Reports 1
Location IT IT
7 Jun 2026
212.237.42.178 0/10
Confidence 29%
Reports 1
Location IT IT
4 Mar 2026
62.149.192.27 0/10
Confidence 23%
Reports 2
Location IT IT
28 Jan 2026
80.211.74.163 7/10
Confidence 20%
Reports 1
Location IT IT
10 Feb 2026
89.46.107.133 10/10
Confidence 17%
Reports 14
Location IT IT
11 Nov 2025
89.46.108.223 10/10
Confidence 16%
Reports 7
Location IT IT
27 Aug 2025
89.46.109.92 7/10
Confidence 9%
Reports 17
Location IT IT
10 Nov 2025
89.46.110.149 6/10
Confidence 7%
Reports 1
Location IT IT
11 Nov 2025
80.211.229.185 6/10
Confidence 5%
Reports 1
Location IT IT
27 Jan 2026

IPs from the same subnet range, likely same network segment.

1 Related IPs
5/10 Avg Threat
5% Avg Confidence
95.110.231.169 5/10
Confidence 5%
Reports 1
Location IT IT
27 Jan 2026

IPs from the same country with similar threat profiles.

15 Related IPs
9.5/10 Avg Threat
99% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
81.57.15.243 10/10
Confidence 100%
Reports 56
ISP Scaleway S.a.s.
6 Jun 2026
212.66.99.54 8/10
Confidence 100%
Reports 49
ISP Panservice s.a....
8 Jun 2026
185.180.182.154 10/10
Confidence 100%
Reports 20
ISP Timenet SpA
1 Jun 2026
88.149.228.20 10/10
Confidence 99%
Reports 80
ISP EOLO S.p.A.
7 Jun 2026
79.3.96.178 10/10
Confidence 99%
Reports 52
ISP TIM
6 Jun 2026
79.55.224.44 10/10
Confidence 99%
Reports 36
ISP TIM
11 May 2026
93.39.209.147 10/10
Confidence 99%
Reports 30
ISP Fastweb
10 May 2026
5.99.196.202 10/10
Confidence 99%
Reports 19
ISP TIM
8 Jun 2026
95.231.249.182 10/10
Confidence 99%
Reports 19
ISP TIM
19 May 2026
151.95.83.235 10/10
Confidence 99%
Reports 12
ISP Wind Tre S.p.A.
3 Jun 2026
2.32.201.235 8/10
Confidence 98%
Reports 22
ISP Fastweb
31 May 2026
93.48.24.181 10/10
Confidence 98%
Reports 20
ISP Fastweb
3 Jun 2026
151.60.216.153 8/10
Confidence 97%
Reports 32
ISP Wind Tre S.p.A.
26 Feb 2026
79.36.191.212 8/10
Confidence 97%
Reports 24
ISP TIM
8 Jun 2026
152.89.170.227 10/10
Confidence 97%
Reports 19
ISP Lumanex Srl
30 Apr 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.5/10 Avg Threat
82% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
207.90.244.3 8/10
Confidence 82%
Reports 13,300
Location US US
9 Jun 2026
207.90.244.2 8/10
Confidence 82%
Reports 13,189
Location US US
9 Jun 2026
147.182.225.86 8/10
Confidence 82%
Reports 9,077
Location US US
9 Jun 2026
130.12.181.104 8/10
Confidence 82%
Reports 3,340
Location DE DE
6 Jun 2026
137.184.95.216 8/10
Confidence 82%
Reports 2,205
Location US US
9 Jun 2026
101.36.107.103 8/10
Confidence 82%
Reports 890
Location HK HK
27 Feb 2026
60.254.111.212 8/10
Confidence 82%
Reports 588
Location IN IN
16 Dec 2025
64.62.197.212 8/10
Confidence 82%
Reports 570
Location US US
8 Jun 2026
65.49.1.66 8/10
Confidence 82%
Reports 566
Location US US
8 Jun 2026
204.76.203.213 10/10
Confidence 82%
Reports 561
Location NL NL
7 Jun 2026
184.105.247.254 8/10
Confidence 82%
Reports 550
Location US US
7 Jun 2026
216.218.206.67 10/10
Confidence 82%
Reports 522
Location US US
8 Jun 2026
65.49.1.52 8/10
Confidence 82%
Reports 521
Location US US
8 Jun 2026
80.94.95.221 10/10
Confidence 82%
Reports 468
Location RO RO
8 Jun 2026
37.148.132.99 10/10
Confidence 82%
Reports 275
Location BR BR
28 May 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "95.110.231.151",
    "threat_level": 8,
    "confidence_score": 82,
    "total_reports": 397,
    "country_code": "IT",
    "isp_name": "Aruba S.p.A.",
    "asn": "31034",
    "first_reported": "2025-12-13 23:35:45",
    "last_reported": "2025-12-15 11:35:38",
    "exported_at": "2026-06-09T02:13:11+02:00",
    "source": "https://reportedip.de/ip/95.110.231.151/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses