Maximum Danger
IP 176.65.149.67 is a critical-risk address assessed at a perfect 10 out of 10 threat level, linked to 3,988 abuse reports filed over approximately eleven months between August 2025 and June 2026. The overwhelming majority of these reports attribute the activity to general hacking operations, including unauthorized access attempts and exploitation-oriented behavior detected by automated honeypot sensors across the security community.
The Netherlands-registered address operates within AS51396, administered by Pfcloud UG, and exhibits an activity frequency rated 8 out of 10, indicating sustained and repeated offensive operations rather than isolated scanning. All 20 most recent threat-category reports specifically document Hacking activity, with corresponding attack-pattern telemetry capturing connection attempts and a Suricata alert flagging an SSH session established on an unusual port. The 91 percent confidence score reflects strong consensus among detection sources that this IP represents genuinely malicious infrastructure rather than misconfigured or ambiguous traffic.
Hacking activity of this intensity and volume poses a direct threat to any exposed service. The documented SSH session on a non-standard port suggests the operator is either running brute-force authentication attempts through unconventional channels to evade standard monitoring, or conducting intrusion reconnaissance against specific targets. With nearly four thousand cumulative reports and continuous activity spanning close to a year, this address demonstrates persistent, professional-grade adversarial behavior rather than opportunistic or amateur scanning.
Site operators should block this IP address at the network perimeter firewall, implement fail2ban or equivalent dynamic firewall rules to automatically reject repeated connection attempts, and enforce strong authentication requirements for any exposed SSH or administrative interfaces. Disabling password-based authentication in favor of key-based access and monitoring logs for unusual SSH port usage will substantially reduce exposure to the techniques this actor employs.