Critical Alert
IP 94.102.4.12, registered to Netinternet Bilisim Teknolojileri AS in Turkey, is a maximum-threat-level address associated with 952 reported hacking incidents targeting automated honeypot sensors, with the activity consistently identified as SSH-based intrusion attempts originating from this Turkish network.
Analysis of the submitted reports reveals a concentrated threat profile: all 952 abuse reports filed in September 2025 classify the activity under the Hacking category, with every detection attributed to automated honeypot sensors monitoring exposed services. The report volume of 952 incidents from 20 independent sensor sources indicates sustained, deliberate probing rather than opportunistic scanning, while the moderate 59% confidence score reflects typical uncertainty inherent in automated threat classification. Despite a low reported activity frequency metric, the sheer number of distinct honeypot interactions demonstrates persistent targeting of SSH services from this specific address within the Netinternet AS51559 network block, suggesting an automated credential-attack or reconnaissance campaign originating from Turkish infrastructure.
The dominant threat category—Hacking activity targeting SSH services—represents one of the most common initial-access vectors employed against internet-facing servers. Attackers systematically scan for exposed SSH daemons and then launch brute-force or dictionary-based authentication attacks to gain shell access, at which point systems are routinely compromised for botnet recruitment, cryptomining, data theft or use as pivots for further network intrusion. The detection of command-input patterns in the honeypot logs confirms that this address has been actively interacting with SSH prompts in a manner consistent with credential-guessing or reverse-shell establishment attempts, posing a concrete risk to any exposed SSH service without adequate access controls.
Site operators with SSH services accessible from the internet should treat IP 94.102.4.12 as definitively hostile and implement immediate blocking at the firewall or network edge. Enforce key-based authentication exclusively and disable password-based SSH access entirely to neutralise brute-force attempts. Deploy fail2ban or an equivalent dynamic blocking tool to automatically ban sources that exceed a failed-login threshold. Maintain strict allowlisting of trusted source networks, monitor authentication logs for patterns associated with this address, and ensure all SSH daemons are running current versions with hardening configurations applied.