Elevated Risk
IP 64.62.156.182 is a high-risk address operated through Hurricane Electric's network (AS6939) in the United States, assessed with a threat level of 8/10 and a 91% confidence rating. With 391 abuse reports sourced from 20 automated honeypot sensors and an activity frequency rated 8/10, this IP has demonstrated persistent, broad-spectrum hostile probing behaviour across a nine-month window from September 2025 to June 2026. The dominant threat signature is general hacking activity, supplemented by targeted probes against IoT infrastructure, web application vulnerabilities, and evidence that the host itself may be operating as a compromised attack platform. The sheer volume and consistency of reports make this one of the more reliably hostile addresses currently circulating in public threat feeds.
The report corpus paints a clear picture of an IP engaged in automated vulnerability enumeration at scale. The 391 total reports span 20 separate honeypot detection points, indicating that this address is being used in coordinated, multi-vector scanning campaigns rather than opportunistic one-off attempts. While general hacking activity accounts for the majority of the most recent reports, the presence of IoT-targeted probes and web application attack signatures confirms that the operator is casting a wide net across different classes of exposed services. The detection of an "Exploited Host" classification among the most recent reports is particularly notable: it suggests that IP 64.62.156.182 may itself be running on a compromised or abused system within Hurricane Electric's infrastructure, allowing the true orchestrator to obscure their origin while leveraging a seemingly legitimate US-based exit point. The sustained activity frequency over nine months demonstrates deliberate, ongoing operation rather than incidental or short-lived scanning bursts.
Hacking activity of this profile typically involves automated tools conducting network sweeps, credential stuffing, and vulnerability scanning against exposed services including web applications, remote administration interfaces, and IoT device management panels. The real-world risk is that any internet-facing service reachable from this IP, whether an SSH daemon, a web server, an API endpoint, or an IoT management interface, faces repeated probing designed to identify and exploit known misconfigurations or unpatched software. When combined with IoT-targeted activity, the risk extends to networked devices running default credentials or outdated firmware, which can be subverted to form botnets, exfiltrate data, or serve as persistent beachheads within a victim's internal network. The possibility that this IP itself is an exploited host further complicates remediation, as the underlying network operator may be an unwitting participant in the attacks.