IP Address

65.49.1.38

IPv4 Public
US US
AS6939
HURRICANE
405 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
89% Confidence
405 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
US
US Location
HURRICANE ASN 6939
405 Reports
Honeypot Data Source

Significant Threat

IP address 65.49.1.38 is a high-risk address associated with active hacking activity, operated through Hurricane Electric's network (AS6939) in the United States, with a threat level of 8/10 and a 91% confidence score based on 370 total abuse reports collected over approximately eleven months between August 2025 and June 2026.

Automated honeypot sensors generated the bulk of these reports, with 20 distinct sensors detecting the activity. The dominant threat category is general hacking attempts (19 recent reports), supplemented by isolated IoT-targeted activity (1 recent report). Network analysis revealed a Suricata alert pattern indicating protocol mismatch anomalies across bidirectional connections, suggesting the address is cycling through different service fingerprints to identify vulnerable entry points. The high activity frequency score of 8/10 confirms sustained, repeated engagement with target systems rather than opportunistic single-pass scanning.

The prevailing hacking activity encompasses intrusion attempts, vulnerability exploitation, and unauthorized access probes targeting exposed services. Combined with the IoT targeting indicators, this IP demonstrates the hallmarks of reconnaissance and exploitation activity aimed at both traditional server infrastructure and connected devices. The protocol mismatch behavior particularly suggests automated tooling designed to evade basic detection by presenting inconsistent application-layer signatures. Organizations with exposed SSH, Telnet, or HTTP interfaces face the most direct risk from this address pattern.

Site operators should implement immediate defensive measures including rate-limiting authentication endpoints, deploying intrusion detection rules that flag protocol anomalies, and applying strict access controls on IoT and ICS environments. Regularly updating system patches, using strong authentication mechanisms, and monitoring honeypot and community threat feeds for this IP reputation will reduce exposure. Network segmentation of IoT devices and disabling unnecessary services further limits the attack surface available to this type of automated threat actor.

More threatening than 81% of monitored IPs

Threat Categories

Hacking 27
Exploited Host 1
IoT Targeted 1
Web App Attack 1

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 15. May 2026
Last Activity 13. June 2026
Recent (7 days) 15 incidents

Reputable Network

This IP is hosted on a network (ASN 6939) with generally good reputation. The ISP HURRICANE maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 8/10 High
Confidence Score 89% Verified

Confidence History

3. Jun 2026 - 13. Jun 2026
89% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New Hacking Honeypot 75%
New Hacking Honeypot 75%
New Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Exploited Host Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
IoT Targeted Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Web App Attack Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
Hacking Honeypot 75%
10 of 405 shown

Technical Details

Basic Information

IP Address
65.49.1.38
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
US US
ASN
AS6939
ISP
HURRICANE

DNS Information

Reverse DNS
scan-54a.shadowserver.org
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
405
First Reported
18 Aug 2025
Last Reported
13 Jun 2026, 12:46

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS6939
Hurricane Electric LLC
US US

Network Threat Assessment

1/10
This network appears to be relatively clean with very low threat indicators.

Network Statistics

1,007
Total IPs Monitored
42,571
Total Reports
42.3
Reports per IP

Network Context

This IP address belongs to Hurricane Electric LLC (AS6939), which manages 1,007 IP addresses in our monitoring system. Out of these, 42,571 have been reported for suspicious activities, resulting in a network-wide threat level of 1/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

81 %

Global Threat Ranking

This IP is more threatening than 81% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 208,603 reported IPs worldwide

Threat Level 8/10 avg: 5.4 +
Total Reports 405 avg: 22 ++

Network Comparison

Compared against 1,037 IPs in ASN 6939

Threat Level 8/10 network avg: 8.2 =
Total Reports 405 network avg: 56 ++
Network HURRICANE has overall threat level 1/10

Geographic Comparison

Compared against 39,987 IPs in US

Threat Level 8/10 country avg: 6.0 +
Total Reports 405 country avg: 40 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

195,629 threat incidents tracked globally • Last 24h: 16,972 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US THIS IP
    39,967 20.4%
  2. 02
    IN
    India IN
    31,195 15.9%
  3. 03
    CN
    China CN
    26,677 13.6%
  4. 04
    BR
    Brazil BR
    10,632 5.4%
  5. 05
    DE
    Germany DE
    7,405 3.8%
  6. 06
    SG
    Singapore SG
    6,661 3.4%
  7. 07
    ID
    Indonesia ID
    5,819 3%
  8. 08
    PK
    Pakistan PK
    5,050 2.6%
  9. 09
    RU
    Russia RU
    4,995 2.6%
  10. 10
    NL
    Netherlands NL
    4,544 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

20 Related IPs
9.4/10 Avg Threat
95% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
65.49.1.141 10/10
Confidence 96%
Reports 24
Location US US
9 Jun 2026
65.49.1.32 8/10
Confidence 96%
Reports 19
Location US US
7 Jun 2026
65.49.1.29 10/10
Confidence 96%
Reports 15
Location US US
23 May 2026
64.62.197.102 10/10
Confidence 96%
Reports 14
Location US US
7 Jun 2026
64.62.156.118 8/10
Confidence 96%
Reports 12
Location US US
11 Jun 2026
65.49.1.146 10/10
Confidence 95%
Reports 27
Location US US
12 Jun 2026
65.49.1.240 10/10
Confidence 95%
Reports 19
Location US US
21 May 2026
216.218.206.69 8/10
Confidence 94%
Reports 366
Location US US
13 Jun 2026
64.62.197.48 8/10
Confidence 94%
Reports 180
Location US US
12 Jun 2026
216.218.130.76 10/10
Confidence 94%
Reports 37
Location US US
5 May 2026
65.49.1.139 10/10
Confidence 94%
Reports 28
Location US US
9 Jun 2026
65.49.1.145 8/10
Confidence 94%
Reports 28
Location US US
3 Jun 2026
64.62.156.124 10/10
Confidence 94%
Reports 28
Location US US
9 Jun 2026
64.62.156.178 10/10
Confidence 94%
Reports 27
Location US US
6 Jun 2026
65.49.1.185 10/10
Confidence 94%
Reports 26
Location US US
11 Jun 2026
64.62.156.198 10/10
Confidence 94%
Reports 26
Location US US
7 Jun 2026
65.49.1.233 10/10
Confidence 94%
Reports 26
Location US US
7 Jun 2026
65.49.1.209 10/10
Confidence 94%
Reports 25
Location US US
2 Jun 2026
65.49.1.12 10/10
Confidence 94%
Reports 25
Location US US
5 Jun 2026
65.49.1.151 8/10
Confidence 94%
Reports 24
Location US US
11 Jun 2026

IPs from the same subnet range, likely same network segment.

20 Related IPs
9.4/10 Avg Threat
94% Avg Confidence
20 High Threat
High-risk network: Majority of related IPs are flagged
65.49.1.141 10/10
Confidence 96%
Reports 24
Location US US
9 Jun 2026
65.49.1.32 8/10
Confidence 96%
Reports 19
Location US US
7 Jun 2026
65.49.1.29 10/10
Confidence 96%
Reports 15
Location US US
23 May 2026
65.49.1.146 10/10
Confidence 95%
Reports 27
Location US US
12 Jun 2026
65.49.1.240 10/10
Confidence 95%
Reports 19
Location US US
21 May 2026
65.49.1.139 10/10
Confidence 94%
Reports 28
Location US US
9 Jun 2026
65.49.1.145 8/10
Confidence 94%
Reports 28
Location US US
3 Jun 2026
65.49.1.185 10/10
Confidence 94%
Reports 26
Location US US
11 Jun 2026
65.49.1.233 10/10
Confidence 94%
Reports 26
Location US US
7 Jun 2026
65.49.1.209 10/10
Confidence 94%
Reports 25
Location US US
2 Jun 2026
65.49.1.12 10/10
Confidence 94%
Reports 25
Location US US
5 Jun 2026
65.49.1.151 8/10
Confidence 94%
Reports 24
Location US US
11 Jun 2026
65.49.1.236 10/10
Confidence 94%
Reports 24
Location US US
9 Jun 2026
65.49.1.190 8/10
Confidence 94%
Reports 23
Location US US
8 Jun 2026
65.49.1.136 8/10
Confidence 94%
Reports 23
Location US US
12 Jun 2026
65.49.1.178 10/10
Confidence 94%
Reports 22
Location US US
8 Jun 2026
65.49.1.23 8/10
Confidence 94%
Reports 22
Location US US
1 Jun 2026
65.49.1.129 10/10
Confidence 94%
Reports 22
Location US US
9 Jun 2026
65.49.1.230 10/10
Confidence 94%
Reports 21
Location US US
8 Jun 2026
65.49.1.153 10/10
Confidence 94%
Reports 21
Location US US
9 Jun 2026

IPs from the same country with similar threat profiles.

15 Related IPs
8.3/10 Avg Threat
100% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
50.6.7.129 8/10
Confidence 100%
Reports 447
ISP ORACLE-BMC-31898
22 May 2026
72.167.150.128 8/10
Confidence 100%
Reports 429
ISP GO-DADDY-COM-LLC
27 May 2026
50.6.229.148 8/10
Confidence 100%
Reports 346
ISP ORACLE-BMC-31898
9 May 2026
87.121.84.30 8/10
Confidence 100%
Reports 295
ISP Vpsvault.host Ltd
20 Apr 2026
50.6.226.221 10/10
Confidence 100%
Reports 223
ISP ORACLE-BMC-31898
2 Mar 2026
31.57.184.107 8/10
Confidence 100%
Reports 202
ISP Netiface LLC
3 Jun 2026
64.31.25.250 8/10
Confidence 100%
Reports 176
ISP Limestone Netwo...
8 Jun 2026
74.206.180.196 8/10
Confidence 100%
Reports 143
ISP MOJOHOST
4 Jun 2026
35.226.7.126 8/10
Confidence 100%
Reports 131
ISP Google LLC
18 May 2026
147.135.37.185 8/10
Confidence 100%
Reports 131
ISP OVH SAS
14 May 2026
162.241.152.21 8/10
Confidence 100%
Reports 126
ISP Network Solutio...
8 Jun 2026
38.95.35.74 8/10
Confidence 100%
Reports 112
ISP Limestone Netwo...
2 Jun 2026
50.6.169.131 8/10
Confidence 100%
Reports 106
ISP Network Solutio...
6 Jun 2026
162.214.206.32 10/10
Confidence 100%
Reports 98
ISP Unified Layer
30 May 2026
104.238.222.26 8/10
Confidence 100%
Reports 86
ISP ReliableSite.Ne...
4 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.9/10 Avg Threat
89% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
176.65.149.230 10/10
Confidence 89%
Reports 4,936
Location NL NL
11 Jun 2026
176.65.149.55 10/10
Confidence 89%
Reports 4,251
Location NL NL
13 Jun 2026
152.32.170.55 10/10
Confidence 89%
Reports 2,225
Location HK HK
13 Jun 2026
165.227.110.45 8/10
Confidence 89%
Reports 1,570
Location US US
13 Jun 2026
137.184.112.103 8/10
Confidence 89%
Reports 1,530
Location US US
13 Jun 2026
62.171.176.188 10/10
Confidence 89%
Reports 1,032
Location FR FR
13 Jun 2026
92.63.197.77 8/10
Confidence 89%
Reports 635
Location UA UA
10 May 2026
206.189.106.82 8/10
Confidence 89%
Reports 477
Location NL NL
9 Feb 2026
184.105.247.252 10/10
Confidence 89%
Reports 455
Location US US
13 Jun 2026
165.154.163.10 8/10
Confidence 89%
Reports 406
Location US US
13 Jun 2026
64.62.197.2 8/10
Confidence 89%
Reports 397
Location US US
13 Jun 2026
150.107.38.251 8/10
Confidence 89%
Reports 346
Location HK HK
13 Jun 2026
185.243.5.46 8/10
Confidence 89%
Reports 299
Location HK HK
12 Jun 2026
185.50.38.135 10/10
Confidence 89%
Reports 267
Location IR IR
28 Feb 2026
176.65.149.45 10/10
Confidence 89%
Reports 230
Location NL NL
12 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "65.49.1.38",
    "threat_level": 8,
    "confidence_score": 89,
    "total_reports": 405,
    "country_code": "US",
    "isp_name": "HURRICANE",
    "asn": "6939",
    "first_reported": "2025-08-18 13:53:29",
    "last_reported": "2026-06-13 12:46:22",
    "exported_at": "2026-06-13T14:19:19+02:00",
    "source": "https://reportedip.de/ip/65.49.1.38/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses