Critical Alert
IP 130.12.180.66 is a high-risk address classified as an exploited host, meaning the underlying system has been compromised and is being weaponised by threat actors to conduct further attacks without the owner's knowledge. With a threat level of 10 out of 10 and 445 abuse reports submitted through automated honeypot sensors, this IP represents a significant and active danger to any exposed network service. The IP is registered in the United States under network operator Omegatech LTD (ASN AS202412), and was first flagged in March 2026 with sustained reporting activity continuing throughout the same month.
The detection data shows that 20 distinct automated honeypot sensors across the network community have logged this address, with exploited host as the dominant threat category. The associated attack-pattern notes reference malware and exploit activity, indicating the compromised system is likely running malicious tooling used to scan for vulnerabilities, distribute payloads or launch secondary attacks against other targets. Despite the extremely high threat rating, the activity frequency metric registers at 0 out of 10, suggesting the malicious operations may be intermittent or burst-based rather than continuous, which is common among botnets and compromised servers that activate on schedules or in response to specific conditions.
An exploited host poses concrete risks because the attacking traffic originates from a seemingly legitimate endpoint, which may bypass basic IP reputation filters that only block known bad ranges. The malware running on the compromised system could be harvesting credentials, conducting reconnaissance against internal networks or participating in larger-scale campaigns such as distributed denial-of-service attacks or cryptojacking operations. Because the true owner of the infected machine is likely unaware of the compromise, the threat can persist until external intervention occurs.
Network defenders should block 130.12.180.66 at the firewall or intrusion prevention level immediately, particularly given the maximum threat rating and confirmed malware activity. Implementing strict ingress and egress filtering will prevent the exploited host from establishing connections to sensitive services. Proactive measures such as fail2ban or similar authentication hardening tools can automatically block repeated login attempts should the address target SSH, RDP or web authentication endpoints. Organisations receiving reports of abuse originating from this IP should consider filing a notification with Omegatech LTD or the relevant upstream provider, as the system owner may require assistance remediating the compromise. Continuous monitoring of related traffic patterns will help determine whether the address attempts to circumvent blocks through rotating or adjacent IP ranges.