Severe Risk
IP address 206.123.145.56 is a critical-risk address with a threat level of 10/10 that has generated 785 abuse reports, predominantly linked to unauthorized SSH intrusion activity detected across multiple automated honeypot sensors.
The host is registered to Netface Limited operating within ASN AS60223 and is geolocated to the United States. Automated honeypot sensors recorded activity spanning from March 2026 through April 2026, with the most recent reports indicating an active SSH session in progress on the expected SSH port. Of those reports, 20 specifically categorize the activity as general hacking behavior with a 79% confidence score, indicating a strong correlation between the observed patterns and malicious intent. The volume of reports concentrated over this two-month window suggests persistent, deliberate targeting rather than opportunistic scanning.
The dominant threat category involves unauthorized access attempts targeting SSH services, which represent one of the most commonly exposed entry points into Linux and network infrastructure worldwide. The detection of an active SSH session on the expected port indicates that an attacker may have successfully authenticated or is in the process of doing so, potentially establishing a foothold for further lateral movement, data exfiltration or the deployment of secondary payloads. The sustained volume of reports demonstrates that this address is systematically probing internet-facing SSH services at scale.
Administrators with SSH services exposed to the internet should enforce key-based authentication exclusively, disable root login and implement tools such as fail2ban to automatically block repeated authentication failures. Rate-limiting SSH connections, deploying intrusion detection signatures for anomalous SSH behavior and maintaining strict patch management on SSH daemons will significantly reduce exposure to credential-based attacks originating from addresses such as this one.
NL 
GB