Severe Risk
IP address 45.153.34.120 is a critical-risk address associated with automated brute-force authentication attacks targeting remote access services, with 296 abuse reports filed across 20 independent honeypot sensors and a maximum threat score of 10 out of 10. The IP originates from the Netherlands and is registered to Pfcloud UG (haftungsbeschrankt) under AS51396, with activity documented throughout April 2026. Despite a low current activity frequency rating, the volume and consistency of historical reports mark this address as a persistent threat in the global IP reputation landscape.
The abuse reports accumulated against 45.153.34.120 span two primary threat categories: brute-force attacks account for the overwhelming majority at 17 distinct filings, supplemented by three general hacking activity reports. Automated honeypot sensors across multiple networks detected the malicious behaviour, with specific pattern analysis revealing VNC (Virtual Network Computing) brute-force attempts alongside Suricata intrusion-prevention alerts noting anomalous TCP stream behaviour characterised by FIN packets arriving outside the expected transmission window. The 78 percent confidence score indicates strong evidentiary support for malicious attribution, while the report distribution across 20 distinct detection sources demonstrates sustained and widespread hostile scanning activity rather than an isolated incident.
Brute-force attacks represent one of the most prevalent initial-access vectors employed by threat actors to compromise network infrastructure. By systematically cycling through authentication credentials against exposed services such as VNC, attackers using IP 45.153.34.120 seek to exploit weak or default passwords protecting remote administration interfaces. The detected Suricata alert pattern suggests the hostile endpoint is also engaged in advanced TCP state-tracking evasion techniques, probing firewall and endpoint security responses while conducting credential stuffing campaigns. Successful authentication against a VNC service grants attackers direct graphical remote access to target systems, enabling lateral movement, data exfiltration, and further exploitation of internal resources.
Network operators should immediately block 45.153.34.120 at the firewall or network perimeter to eliminate ongoing exposure. Implementing fail2ban or equivalent log-based authentication failure monitoring on VNC and other remote access services will dynamically ban sources of repeated failed logins. Enforcing multi-factor authentication on all externally accessible authentication interfaces substantially raises the bar for credential-based attacks. Restricting VNC access to VPN tunnels or whitelisted IP ranges rather than exposing the service directly to the public internet eliminates the attack surface entirely.