Critical Alert
IP 130.12.180.65 is a critical-risk address linked to persistent IoT-targeted exploitation attempts, operated by Omegatech LTD under ASN AS202412 in the Netherlands. With a maximum threat score of 10/10 and 781 total abuse reports filed against this single address, the IP has demonstrated sustained malicious activity detected by automated honeypot sensors since December 2025, with the most recent reports filed in June 2026.
The volume and consistency of reports paint a clear picture of deliberate, repeated targeting. The 88% confidence score and 8/10 activity frequency indicate that automated honeypot sensors have reliably correlated this address with hostile reconnaissance and exploitation behavior over approximately six months. All 20 of the most recent reports categorically identify the threat as IoT-targeted activity, confirming that the address is actively scanning for vulnerable connected devices rather than engaging in generalized reconnaissance. The concentration of activity within a single ASN operated by Omegatech LTD suggests this IP may be part of a coordinated infrastructure used specifically for IoT exploitation campaigns.
IoT-targeted attacks exploit the notoriously weak security posture of smart devices, routers, IP cameras, and other connected hardware. Attackers leverage default credentials, unpatched firmware vulnerabilities, and exposed management interfaces to compromise devices at scale. For an exposed network, a persistent source of IoT-targeted traffic represents a serious risk of device compromise, botnet recruitment, lateral movement, and data exfiltration. The automated nature of these attacks means that even brief exposure can result in rapid exploitation of unpatched devices.
Site operators should immediately block IP 130.12.180.65 at the network perimeter firewall or via intrusion prevention systems. All internet-facing IoT devices should be placed in isolated network segments separate from critical infrastructure. Firmware on connected devices must be kept current, default credentials must be changed, and Universal Plug and Play should be disabled on routers. Implementing dynamic blocking tools such as fail2ban can provide automated defense against repeated scanning patterns, and administrators should monitor adjacent IP ranges within AS202412 for similar hostile activity.
US 
GB 
IR 
UA 
BE