Substantial Risk
IP 64.62.197.92 is a high-risk address linked to hacking activity. It operates from Hurricane Electric's network (AS6939) in the United States, carries a threat level of 8/10, and has 1784 abuse reports filed by automated honeypot sensors over an eleven-month period between August 2025 and June 2026.
Analysis of the reported data reveals sustained malicious activity with an activity frequency rating of 8/10, indicating near-continuous engagement with honeypot infrastructure. The 1784 total reports originated exclusively from 20 automated honeypot sensors, suggesting systematic scanning behaviour rather than opportunistic targeting. While the confidence score of 76% leaves room for some uncertainty in attribution, the volume and consistency of reports strongly support the high-risk assessment. The network is operated by Hurricane Electric, a major US backbone provider whose IP space is frequently abused due to its broad allocation practices. The geographic origin in the United States does not indicate benign intent, as threat actors routinely operate from infrastructure in well-connected regions to maximise their reach and anonymity.
The dominant threat category, hacking activity, accounts for 20 of the 21 reported incidents and encompasses intrusion attempts, vulnerability exploitation and unauthorised access probing. The detected Suricata alert, indicating an application-layer protocol mismatch in both directions, is characteristic of reconnaissance and enumeration techniques, where an attacker tests service responses to identify misconfigurations or exploitable services. Web application attacks, represented by a single recent report, target application-layer vulnerabilities such as those documented in the OWASP Top 10, posing a concrete risk to any exposed web services. The combination of persistent scanning activity and probing for application-layer weaknesses indicates that this IP poses a credible threat to unhardened or unmonitored services.
Site operators should implement automated blocking mechanisms such as fail2ban or similar tools to respond to repeated connection attempts from this address. Rate limiting on authentication endpoints and enforcement of strong, unique credentials significantly reduce the effectiveness of intrusion attempts. Regular patching of operating systems and applications, combined with deployment of a web application firewall, addresses both the hacking and web app attack vectors. Continuous monitoring and log analysis will help identify any successful reconnaissance or exploitation attempts before they escalate into a breach.