Substantial Risk
IP 65.49.1.94 is a high-risk address linked to sustained hacking activity with a threat level of 8/10 and a 95% confidence rating drawn from 340 total abuse reports submitted over nearly a year of continuous detection.
The IP originates from AS6939 (Hurricane Electric) infrastructure in the United States and has been flagged by automated honeypot sensors since August 2025, with activity persisting through June 2026. The address demonstrates an activity frequency of 8/10, indicating persistent engagement rather than opportunistic scanning. Detection systems recorded protocol anomalies including malformed TLS record types and application-layer protocol mismatches across both communication directions, consistent with reconnaissance and vulnerability-probing behavior targeting exposed services.
The dominant threat category, hacking, covers intrusion attempts, exploitation of vulnerabilities, and unauthorized access probes. The observed TLS and protocol-level anomalies suggest the actor is actively fingerprinting or testing services for known weaknesses rather than conducting purely opportunistic scans. Such activity creates a concrete risk of successful exploitation against unpatched or misconfigured services, potentially leading to data compromise or unauthorized system access.
Site operators should consider blocking this IP at the network perimeter and implementing connection rate-limiting to reduce automated attack volume. Deploying intrusion detection systems and enforcing strong authentication mechanisms, including multi-factor authentication, provides critical defensive layers. Regular patching and security monitoring aligned with current best practices will help mitigate the vulnerabilities that this kind of probing attempts to identify and exploit.