Extreme Threat
IP 130.12.180.95, allocated to Netface LLC in the United States, is classified as a critical threat with a maximum threat level of 10/10, supported by 194 abuse reports received between January and April 2026. Automated honeypot sensors overwhelmingly detected this address conducting SSH brute-force attacks and general hacking intrusion attempts, establishing it as a high-confidence malicious actor that should be blocked on sight by any exposed service.
The report volume of 194 incidents across a four-month window, originating from 20 distinct automated honeypot sensors, indicates sustained and systematic malicious activity rather than opportunistic scanning. Detection patterns consistently reference SSH brute-force attempts progressing to established SSH sessions on expected ports, suggesting that this address is actively engaging with target SSH services to crack authentication credentials. The network attribution to Netface LLC places this threat within US-based infrastructure, though geographic origin provides no comfort when evaluating the direct risk to any exposed service.
SSH brute-force attacks pose a direct pathway to complete server compromise. Attackers use automated tools to systematically cycle through username and password combinations, exploiting weak or default credentials to gain unauthorized shell access. Successful authentication provides persistent remote access, enabling data exfiltration, malware deployment, lateral movement across networks, and recruitment into botnets. The documented progression from brute-force attempts to established sessions indicates active engagement with target systems, elevating concern beyond mere scanning activity.
Site operators should immediately block 130.12.180.95 at the firewall or network perimeter level. SSH services should be hardened by disabling root login, enforcing key-based authentication, and changing the default port. Deploying automated tools such as fail2ban will dynamically ban repeated offenders following configurable threshold violations. Regular audit of authentication logs for unusual patterns originating from this address, combined with prompt patching of SSH daemons, will further reduce exposure to credential-guessing campaigns.
BG 
UA 
RO 
SE 
HK 
FR