Notable Threat
IP 64.62.156.152 is a high-risk address that has accumulated 497 abuse reports over approximately eleven months, with automated honeypot sensors flagging it primarily for general hacking activity including protocol anomalies and unauthorized access attempts. With a threat level of 8 out of 10 and an activity frequency rated 8 out of 10, this IP represents a persistent, actively engaged threat vector targeting exposed network services.
The address routes through Hurricane Electric's AS6939 network in the United States, and the sustained volume of reports from August 2025 through June 2026 indicates consistent malicious behavior over an extended period. All 497 reports originated from automated honeypot sensors, giving the assessment a confidence rating of 86 percent. The detection data shows protocol-related anomalies, specifically alerts for irregular protocol detection patterns and invalid TLS record types, suggesting the attacking host is probing or exploiting services that terminate TLS connections or perform deep packet inspection.
The hacking classification encompasses intrusion attempts, vulnerability exploitation, and unauthorized access probes, which pose a concrete risk to any exposed service handling authentication, data transmission, or remote administration. The protocol-level indicators suggest the attacking host may be testing for misconfigured TLS implementations, scanning for outdated cipher suites, or attempting to trigger unexpected states in target applications through malformed protocol traffic. This behavior typically precedes more targeted exploitation or serves as reconnaissance for subsequent attacks against unprotected entry points.
Site operators should consider blocking this IP address at the network perimeter or implementing strict geographic and ASN-based access controls. Deploying fail2ban or equivalent log-based intrusion prevention tools can automatically ban repeated offending hosts. Enforcing strong TLS configurations, disabling outdated protocol versions, and maintaining current patch schedules on all internet-facing services will reduce the attack surface this IP likely attempts to exploit. Continuously monitoring authentication logs and implementing multi-factor authentication for administrative interfaces provide additional defense against the types of access attempts this address has demonstrated.