Maximum Danger
IP 87.251.64.159 is a critical-risk address currently flagged with a perfect 10/10 threat level and 94% confidence based on 2,236 abuse reports filed over approximately two months. This IP, registered in the United States under ASN AS200730 operated by ISAEV Igor, has been flagged exclusively for general hacking activity, representing a sustained and aggressive intrusion threat that warrants immediate blocking by any exposed service.
The evidence base for this assessment is substantial and technically robust. All 2,236 reports originated from automated honeypot sensors distributed across the security community network, with a consistent activity frequency rating of 8/10 indicating near-continuous probing behavior. The IP was first reported in April 2026 and remains actively reported as recently as May 2026, demonstrating persistent rather than opportunistic behavior. The geographic location in the United States and the specific ASN assignment to an individual operator rather than a larger hosting provider is noteworthy, as it suggests targeted rather than mass-infrastructure based malicious activity.
The dominant threat classification of general hacking activity encompasses the full spectrum of unauthorized access attempts, vulnerability exploitation, and intrusion probing that automated honeypots are designed to detect and catalog. With 20 recent reports specifically citing this category and a combined total volume exceeding 2,200 incidents, this IP represents a systematic and patient adversary actively scanning and attempting to compromise internet-facing systems. The real-world risk to any exposed service includes credential compromise, data exfiltration, malware deployment, and use of the compromised system as a pivot point for further attacks.
Site operators should implement immediate defensive measures including adding this IP to deny lists at the firewall or network edge, configuring fail2ban or equivalent intrusion prevention tools to automatically ban repeated offending hosts, enforcing strong authentication on all exposed services especially SSH and RDP which are primary brute-force targets, and monitoring logs for any matching connection attempts even after blocking. Regular security patching of internet-facing applications remains essential as this IP has demonstrated capability to identify and exploit known vulnerabilities.
PL 
RO 
FR 
SE 
TR