Significant Threat
IP 64.62.156.122 is a high-risk address operating from Hurricane Electric's AS6939 network in the United States, with a threat level of 8/10 and a 93% confidence score, primarily linked to sustained hacking activity and SMTP abuse detected by automated honeypot sensors over an eleven-month period.
Security monitoring systems logged 436 abuse reports against this IP across 20 distinct honeypot sensors, with activity first documented in August 2025 and continuing through June 2026 at an intensity rated 8/10. The dominant threat category is hacking (19 recent reports), followed distantly by email spam (2 reports). Detection mechanisms, including Suricata intrusion-detection alerts, flagged anomalous SMTP protocol behavior indicating potential spam propagation or reconnaissance activity. The volume and consistency of reports over nearly a year demonstrate persistent, automated scanning behavior originating from this address.
The hacking activity associated with this IP suggests automated vulnerability probing and intrusion-attempt patterns commonly deployed by botnets or threat actors scanning for exposed services. SMTP abuse detected on honeypot sensors indicates attempts to exploit mail servers for spam distribution or phishing delivery. While the report count for email spam remains relatively low, the fact that the SMTP detections were triggered by protocol-level anomalies rather than by message content suggests the actor may be testing mail-server configurations or performing reconnaissance before launching larger campaigns. The sustained frequency of reports across multiple detection points confirms this is not isolated or accidental traffic.
Network administrators should block or rate-limit connections from this address at the firewall level, particularly on inbound SMTP and SSH ports, which are typical targets for such scanning activity. Implementing intrusion-detection rules and monitoring for Suricata-style protocol anomalies will help identify ongoing probes. Systems exposed to this traffic should enforce strong authentication, apply security patches promptly, and consider deploying defensive tools such as fail2ban to automatically block repeated offenders. Email infrastructure operators should verify that their SPF, DKIM, and DMARC configurations are correctly implemented to mitigate spam associated with this actor's observed behavior.