Substantial Risk
IP 130.12.181.100 is a high-risk address linked to sustained SSH brute-force attacks, with 2948 abuse reports filed between January and April 2026 by automated honeypot sensors. The threat level of 8/10 and confidence score of 86% establish this as a reliably identified, persistent threat actor operating from Germany.
The address is registered to Netiface LLC under ASN AS36680 and generated detection events across 20 separate automated honeypot sensors over a four-month window. Fail2ban log analysis reveals repeated sshd jail violations ranging from 25 to 221 per incident, with multiple recidive-jail flags indicating the source repeatedly evaded temporary blocks and resumed attacks. The activity frequency of 4/10 combined with the high report volume reflects a methodical, sustained campaign rather than opportunistic scanning.
SSH brute-force attacks systematically test credential combinations against exposed SSH services, exploiting weak or default passwords to gain unauthorized server access. Successful compromise grants attackers persistent shell access, enabling data exfiltration, cryptominer deployment, lateral movement across networks, or establishment of long-term footholds. The volume and persistence of activity from IP 130.12.181.100 indicate an automated, dictionary-driven operation, likely run as part of a botnet or paid attack service.
Site operators exposing SSH services should enforce key-based authentication, change the default port, and disable root login. Implementing fail2ban with aggressive retry limits and block durations will automatically mitigate repeat offenders. Rate limiting, account lockout policies, and multi-factor authentication add critical friction against credential-based attacks. Regular monitoring of authentication logs for unusual patterns from high-report IPs provides early warning of ongoing campaigns.
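The log monitoring and repeat-offender blocking described above can be sketched as follows. This is an added example, not part of the original report and not fail2ban's own code: it mimics an sshd jail (failures inside a time window trigger a ban) and a recidive-style check (repeated bans within a day). The function name, thresholds, log format and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample (ISO-timestamp syslog format, documentation address ranges).
SAMPLE_LOG = """\
2026-03-01T10:00:00 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2026-03-01T10:00:04 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
2026-03-01T10:00:09 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2026-03-01T10:03:00 web1 sshd[820]: Failed password for deploy from 198.51.100.20 port 5151 ssh2
2026-03-01T10:03:30 web1 sshd[820]: Failed password for deploy from 198.51.100.20 port 5151 ssh2
2026-03-01T10:04:00 web1 sshd[821]: Accepted publickey for deploy from 198.51.100.20 port 5152 ssh2
2026-03-01T10:25:00 web1 sshd[830]: Failed password for root from 203.0.113.7 port 41001 ssh2
2026-03-01T10:25:03 web1 sshd[830]: Failed password for root from 203.0.113.7 port 41002 ssh2
2026-03-01T10:25:07 web1 sshd[831]: Failed password for invalid user test from 203.0.113.7 port 41003 ssh2
""".splitlines()

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port"
)

def find_repeat_offenders(lines, maxretry=3, findtime=600,
                          recidive_bans=2, recidive_window=86400):
    """Return {ip: {"bans": n, "recidive": bool}} for sources that reach maxretry."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    bans = defaultdict(list)      # ip -> timestamps at which a ban would fire
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # drop failures older than the findtime window
        if len(window) >= maxretry:
            bans[ip].append(ts)   # jail threshold reached: record one ban
            window.clear()
    report = {}
    for ip, times in bans.items():
        # Count bans that fall within recidive_window of the most recent ban.
        close = [t for t in times if (times[-1] - t).total_seconds() <= recidive_window]
        report[ip] = {"bans": len(times), "recidive": len(close) >= recidive_bans}
    return report

if __name__ == "__main__":
    print(find_repeat_offenders(SAMPLE_LOG))
```

A source flagged as recidive here is one that returned after an earlier ban, which is the case where a longer block duration pays off.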