Maximum Danger
IP 185.12.59.118 is a critical-risk address operated by Blix Solutions AS in Norway that has been extensively documented conducting automated hacking attempts, accumulating 201 distinct abuse reports over an eight-month surveillance window with a threat level of 10/10 and a 90% confidence rating.
Automated honeypot sensors detected this address repeatedly engaging in unauthorized access probes from October 2025 through June 2026, generating 20 confirmed hacking-category reports within the most recent reporting period alone. The activity frequency score of 8/10 indicates persistent, repeated engagement rather than isolated scanning, and all report sources consistently attribute the malicious behavior to automated honeypot detection infrastructure. The Norwegian network registration for AS50304 shows this address is registered to Blix Solutions AS, a Norwegian business entity, suggesting the scanning infrastructure itself may be hosted within that network or operating through compromised endpoints under that operator's administration.
Hacking activity as categorized by detection sensors encompasses a broad range of intrusion techniques, including vulnerability exploitation attempts, brute-force authentication attacks, and probing for misconfigured or unpatched services exposed to the internet. The volume and consistency of reports for this specific address indicate systematic, automated scanning behavior designed to identify exploitable entry points across a wide target base. Real-world risk manifests as potential unauthorized access to weakly secured services, credential compromise through automated guessing attacks, and exploitation of known vulnerabilities on internet-facing systems.
Network defenders should immediately implement blocking or strict rate-limiting rules for this address at perimeter firewalls and intrusion prevention systems. Authentication endpoints—particularly SSH, RDP, and web application login portals—should be hardened with strong credential policies, multi-factor authentication where feasible, and continuous monitoring for anomalous authentication patterns. Deploying or configuring defensive tools such as fail2ban to automatically detect and temporarily block repeated login failures will significantly reduce the effectiveness of automated intrusion attempts. Regular patch management and vulnerability scanning of internet-facing services remain essential to eliminate the exploitation vectors this address and similar scanners actively target.
FI 
HK 
UA 
IR