Elevated Risk
IP 64.62.156.66 is a high-risk address operating from Hurricane Electric's AS6939 network in the United States that automated honeypot sensors have flagged 615 times between August 2025 and June 2026, with recent reports consistently classifying its activity as hacking and exploitation attempts. The IP carries a threat level of 8/10 and an activity frequency of 8/10, reflecting persistent and aggressive offensive operations over an approximately eleven-month window. With a confidence score of 85%, this address presents a clear and documented danger to any exposed services, particularly those running SSH and Redis.
Detection data from 20 automated honeypot sensors across the threat community reveals a sustained campaign of intrusion activity tied to this address. Suricata sensors logged a cluster of protocol anomalies: application-layer protocol mismatches and single-direction protocol detections (Suricata's own decoder events, raised when the traffic seen on a port does not match the protocol expected there, the usual fingerprint of scanners and brute-force tools probing SSH and other ports with malformed or non-matching payloads), TLS invalid-record-type events, and Redis attack signatures consistent with reconnaissance and exploit probing. Any one of these decoder events is weak evidence on its own, since a misconfigured client produces the same alert; it is the volume, the mix of signatures and the ports targeted together that support the classification. The consistency of these reports over nearly a year establishes this IP as an ongoing operational threat rather than a transient or opportunistic actor.
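The triage that sensor data like this supports, as an added example that is not tooling from the report or from Suricata: a script that reads Suricata eve.json alert records, aggregates them per source address (alert count, distinct signatures, ports and hosts hit, time span) and emits nftables commands for sources that cross a threshold. The eve.json lines below are constructed to resemble the alert types named above; their signature ids, timestamps and victim addresses are illustrative, not data from the page, and the nftables table and set names (`inet filter` / `blocklist`) are assumptions.

```python
"""Triage Suricata EVE (eve.json) alerts and turn a noisy source into a block decision.

Added example for this report; not code from the page or from Suricata. The eve.json
records are constructed; signature ids, timestamps and victim addresses are illustrative.
The nftables table and set names ("inet filter" / "blocklist") are assumptions.
"""
import json
from collections import defaultdict

# Constructed eve.json sample: six alerts from the reported IP, one flow record
# (not an alert), one alert from an unrelated host and one corrupt line.
SAMPLE_EVE = """\
{"timestamp":"2026-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":22,"proto":"TCP","alert":{"signature_id":2260002,"signature":"SURICATA Applayer Detect protocol only one direction","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":22,"proto":"TCP","alert":{"signature_id":2260001,"signature":"SURICATA Applayer Mismatch protocol both directions","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-01T10:00:09.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":443,"proto":"TCP","alert":{"signature_id":2230003,"signature":"SURICATA TLS invalid record type","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-01T10:00:15.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":6379,"proto":"TCP","alert":{"signature_id":2260002,"signature":"SURICATA Applayer Detect protocol only one direction","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-01T10:00:16.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":6379,"proto":"TCP","alert":{"signature_id":9000001,"signature":"CONSTRUCTED Redis CONFIG SET attempt from external host","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2026-05-01T10:00:20.000000+0000","event_type":"flow","src_ip":"64.62.156.66","dest_ip":"203.0.113.5","dest_port":22,"proto":"TCP"}
{"timestamp":"2026-05-01T10:01:00.000000+0000","event_type":"alert","src_ip":"64.62.156.66","dest_ip":"203.0.113.6","dest_port":22,"proto":"TCP","alert":{"signature_id":2260002,"signature":"SURICATA Applayer Detect protocol only one direction","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-01T10:02:00.000000+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.5","dest_port":443,"proto":"TCP","alert":{"signature_id":2230003,"signature":"SURICATA TLS invalid record type","category":"Generic Protocol Command Decode","severity":3}}
this line is not JSON and must be skipped
"""

SENSITIVE_PORTS = {22, 6379}  # SSH and Redis, the services the report calls out


def parse_alerts(text):
    """Yield alert records from eve.json text, skipping other event types and corrupt lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial write or rotated line: skip it rather than abort the run
        if rec.get("event_type") == "alert":
            yield rec


def summarize(alerts):
    """Aggregate per source IP: alert count, distinct signatures, ports, victims, time span."""
    stats = defaultdict(lambda: {"alerts": 0, "signatures": set(), "ports": set(),
                                 "victims": set(), "first": None, "last": None})
    for a in alerts:
        s = stats[a["src_ip"]]
        s["alerts"] += 1
        s["signatures"].add(a["alert"]["signature"])
        s["ports"].add(a.get("dest_port"))
        s["victims"].add(a["dest_ip"])
        ts = a["timestamp"]  # fixed-width ISO 8601 with offset, so string order is time order
        s["first"] = ts if s["first"] is None or ts < s["first"] else s["first"]
        s["last"] = ts if s["last"] is None or ts > s["last"] else s["last"]
    return dict(stats)


def should_block(s, min_alerts=5, min_signatures=2):
    """Block a source that is both noisy and varied, or that hits SSH/Redis repeatedly.
    A single decoder alert is not enough on its own: a misconfigured client raises the
    same Applayer events as a scanner."""
    if s["alerts"] >= min_alerts and len(s["signatures"]) >= min_signatures:
        return True
    return s["alerts"] >= 2 and bool(s["ports"] & SENSITIVE_PORTS)


def block_candidates(text, **thresholds):
    """Source addresses in the eve.json text that meet the block criteria, sorted."""
    return sorted(ip for ip, s in summarize(parse_alerts(text)).items()
                  if should_block(s, **thresholds))


def nft_commands(ips, table="inet filter", set_name="blocklist"):
    """nft commands adding each offender to an existing set (assumed table/set names);
    a rule such as 'ip saddr @blocklist drop' must already reference that set."""
    return [f"nft add element {table} {set_name} {{ {ip} }}" for ip in ips]


if __name__ == "__main__":
    for ip, s in summarize(parse_alerts(SAMPLE_EVE)).items():
        ports = sorted(p for p in s["ports"] if p is not None)
        print(f"{ip}: {s['alerts']} alerts, {len(s['signatures'])} signatures, "
              f"ports {ports}, {s['first']} .. {s['last']}")
    for cmd in nft_commands(block_candidates(SAMPLE_EVE)):
        print(cmd)
```

Run it against a real file with `summarize(parse_alerts(open("/var/log/suricata/eve.json").read()))`. The set must exist first (`nft add set inet filter blocklist '{ type ipv4_addr; }'` plus a drop rule referencing it); the thresholds are deliberately the decision point a team should tune, since the same Applayer events fire for broken clients as for scanners.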
The dominant category, Hacking, covers unauthorized access attempts, vulnerability exploitation and intrusion activity that can end in data theft, service disruption or full system compromise. The Exploited Host classification indicates that the address itself may be a compromised machine being used without its owner's knowledge, which both widens its reach and makes it an unstable indicator: the host may be cleaned up, or the operator may move on to another. SSH brute forcing targets the authentication step to gain shell access, while Redis attacks range from reading and overwriting data to remote code execution, depending on how the instance is exposed: an unauthenticated Redis client can reconfigure where the server writes its dump file and so drop a file of the attacker's choosing onto the host. Each category is a distinct pathway to significant organizational damage if left unmitigated.
Network defenders should block 64.62.156.66 at the firewall or intrusion prevention layer immediately, while treating that as a stopgap rather than a fix: an address tied to an exploited host can be cleaned up or abandoned at any time, and the same actor will reappear from elsewhere, so the durable work is hardening. SSH should require key-based authentication with password logins disabled, prohibit root login, and be backed by fail2ban or an equivalent that bans sources after repeated authentication failures; moving SSH off port 22 cuts log noise but is not a security control on its own. Redis should be bound to loopback or a private interface, run with protected mode on, and require a password or ACLs, and it should never face the internet without all three. Continued monitoring for scanning from this IP and prompt patching of exposed services further reduce the attack surface this address targets.
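A check that the SSH and Redis settings recommended above are actually in place, as an added example that is not tooling from the report: it parses sshd_config and redis.conf text and lists the weak settings. The two pairs of configuration excerpts are constructed. One detail the check encodes: sshd keeps the first value of a repeated keyword, while Redis keeps the last, so a "fix" appended to the bottom of sshd_config silently does nothing. Match and Include blocks in sshd_config and external Redis ACL files are outside what this check reads.

```python
"""Audit sshd_config and redis.conf text for the weak settings the recommendations target.

Added example; not tooling from the page. The configuration excerpts are constructed.
sshd_config keeps the FIRST value of a repeated keyword, redis.conf the LAST; Match and
Include blocks in sshd_config and Redis ACL files are outside what this check reads.
"""

# Constructed sshd_config with the weaknesses the report warns about.
SSHD_WEAK = """\
# sshd_config (constructed)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
# the next line is ignored by sshd: the first value of a keyword wins
PasswordAuthentication no
"""

SSHD_HARDENED = """\
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
MaxAuthTries 3
"""

# Constructed redis.conf: reachable on every interface, no password.
REDIS_WEAK = """\
port 6379
bind 0.0.0.0
protected-mode no
"""

REDIS_HARDENED = """\
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass CHANGE-ME-to-a-long-random-secret
"""

WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}


def parse_directives(text, first_wins):
    """Map lowercased keyword -> value. Lines starting with '#' and blank lines are comments."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if first_wins and key in out:
            continue  # sshd semantics: later repeats are ignored
        out[key] = value
    return out


def audit_sshd(text):
    """Findings against the directives the report names; an empty list means none."""
    d = parse_directives(text, first_wins=True)
    findings = []
    if d.get("passwordauthentication", "yes").lower() != "no":  # sshd default is yes
        findings.append("PasswordAuthentication is on: password brute force stays possible")
    if d.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root is directly brute-forceable")
    if d.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication off: key-based login is unavailable")
    if d.get("port", "22") == "22":
        findings.append("info: Port 22 draws constant scanner noise (moving it is not a control)")
    return findings


def audit_redis(text):
    """Findings for network exposure and missing authentication; an empty list means none."""
    d = parse_directives(text, first_wins=False)
    findings = []
    bind = d.get("bind")
    if bind is None:
        findings.append("no bind directive: Redis listens on every interface")
    elif any(addr.lstrip("-") in WILDCARD_ADDRS for addr in bind.split()):  # '-addr' = optional
        findings.append(f"bind {bind}: wildcard address exposes Redis to the network")
    if d.get("protected-mode", "yes").lower() != "yes":
        findings.append("protected-mode no: an unauthenticated instance accepts remote clients")
    if not d.get("requirepass") and "user" not in d and "aclfile" not in d:
        findings.append("no requirepass and no ACL: anyone who reaches the port is a client")
    return findings


if __name__ == "__main__":
    for name, fn, text in [("sshd weak", audit_sshd, SSHD_WEAK),
                           ("sshd hardened", audit_sshd, SSHD_HARDENED),
                           ("redis weak", audit_redis, REDIS_WEAK),
                           ("redis hardened", audit_redis, REDIS_HARDENED)]:
        print(name, "->", fn(text) or "no findings")
```

Point it at live files with `audit_sshd(open("/etc/ssh/sshd_config").read())` and `audit_redis(open("/etc/redis/redis.conf").read())`; then confirm with `sshd -T` and `redis-cli CONFIG GET bind`, which report the values the daemons actually loaded, including anything pulled in from Include files or set at runtime that this text check cannot see.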