Substantial Risk
IP 65.49.1.52 is a high-risk address linked to sustained hacking activity, with 504 total abuse reports and a threat level of 8/10 indicating a significant danger to any exposed service.
The data shows 20 automated honeypot sensors detected this IP repeatedly between August 2025 and June 2026, generating 504 reports with an activity frequency of 8/10. Originating from Hurricane Electric's network (AS6939) in the United States, the address demonstrates a persistent scanning or attack pattern over approximately ten months. The dominant threat category is general hacking (19 reports), supplemented by isolated IoT-targeted activity (1 report). Network traffic analysis revealed protocol anomalies characteristic of reconnaissance or exploitation attempts, specifically Suricata alerts flagging atypical one-direction protocol communication commonly associated with service fingerprinting or vulnerability probing.
General hacking activity encompasses the full spectrum of unauthorized access attempts, including credential stuffing, brute-force attacks, and vulnerability exploitation against exposed services. The volume and frequency of reports indicate this is not opportunistic scanning but deliberate, sustained intrusion activity. An address with this reputation poses concrete risks of account compromise, data exfiltration, or use as a pivot point for deeper network intrusion if any vulnerable service is left exposed to the internet.
Site operators should block or aggressively rate-limit traffic from this address at the network perimeter and implement dynamic blocking tools such as fail2ban to automatically mitigate repeated authentication attempts. All exposed services should be kept current with security patches, and unnecessary services should be disabled to reduce the attack surface. Network segmentation and strict access controls are recommended to limit the risk of lateral movement if an intrusion attempt were to succeed.