Substantial Risk
IP 74.82.47.5, registered to Hurricane Electric's network (AS6939) in the United States, is a high-risk threat actor with a threat level of 8/10 and an activity frequency of 8/10, supported by 964 total abuse reports across a multi-month observation window. The dominant threat profile is hacking activity, which accounts for the vast majority of recent reports, indicating this address is actively engaged in intrusion attempts and exploitation of vulnerable services rather than casual scanning.
The IP has been reported through 20 distinct automated honeypot sensors, generating 964 reports with a confidence score of 77%. Concrete attack patterns include active attack connections, malware and exploit behavior, and a Suricata alert flagging an application layer protocol mismatch in both communication directions. The reported activity spans the categories of Hacking (19 reports) and Exploited Host (1 report), with the former representing persistent, deliberate hostile activity. Given the volume of reports and the presence of exploit-related behavior, this IP is almost certainly being used to compromise external systems or probe for vulnerabilities across the internet.
Hacking activity in this context means the IP is actively attempting to gain unauthorized access to services, exploit software vulnerabilities, or deploy malicious payloads. The protocol mismatch alert suggests the actor may be using modified client requests or tunneling techniques to evade detection. An address with this report density poses a significant risk to any exposed SSH, RDP, web application, or database services. Systems that are unpatched, misconfigured, or lack strong authentication controls are particularly vulnerable to compromise when targeted by an actor with this level of activity.
Network operators should block IP 74.82.47.5 at the firewall or edge security layer, particularly given the confirmed exploit-related behavior and persistent attack connections. Implement automated blocking with tools such as fail2ban or crowdsec to respond to repeated connection attempts in real time. Enforce strong, unique credentials and disable password-based authentication where possible, especially on externally facing services. Maintain rigorous patch management to eliminate the vulnerabilities most commonly targeted in hacking campaigns, and monitor logs for the protocol mismatch patterns associated with this address to identify any successful infiltration attempts.
FR 
MA 
GB 
UA