Substantial Risk
IP 64.62.197.137 is a high-risk address operating from United States infrastructure (AS6939, Hurricane Electric) that has been linked to 887 abuse reports spanning approximately 11 months, with automated honeypot sensors flagging it consistently for active hacking activity including reconnaissance probes and unauthorized access attempts. The threat level of 8/10 and activity frequency of 8/10 reflect sustained, aggressive behavior rather than isolated incidents.
Detection data gathered from 20 independent automated honeypot sensors reveals that this IP has maintained persistent engagement with vulnerable services since its first recorded report in August 2025, with its most recent activity logged in June 2026. The confidence score of 78% indicates a well-established threat profile supported by concrete evidence. Network analysis points to Hurricane Electric's large ASN infrastructure, which is frequently targeted by malicious actors due to its extensive global footprint and transit capabilities. The concentration of 20 recent reports specifically categorized under hacking activity demonstrates that this address is not merely generating noise but is actively engaged in deliberate intrusion attempts.
The dominant threat category recorded for this IP involves general hacking activity characterized by intrusion attempts, exploitation attempts, and unauthorized access probes. The detected Suricata alert referencing asymmetric protocol detection (connections established with incomplete handshake sequences) suggests the actor is conducting reconnaissance sweeps or testing firewall responses before launching more targeted attacks. This pattern is typical of threat actors scanning for open ports, outdated services, or misconfigured systems that can be exploited for persistent access. Organizations with exposed SSH, HTTP, or other network services face the greatest risk from this type of persistent scanning behavior.
Site operators should treat this IP as malicious and implement immediate blocking at the firewall or network edge layer based on its established abuse history. Implementing fail2ban or similar dynamic deny-listing tools can automate the blocking process when repeated connection attempts match hostile signatures. Rate-limiting incoming connections per source IP and enforcing strong authentication requirements (key-based authentication for SSH, multi-factor authentication for administrative interfaces) will reduce the effectiveness of any attempted intrusions. Regular security auditing and prompt patching of exposed services eliminate the vulnerabilities such scanning activity typically seeks to exploit.
UA 
RO 
GB 
BG 
KZ 
FR 
PS 
VN